使用AWS开发工具包从AWS Elastic Search获取索引时出现403禁止错误

Question

I am using AWS SDK to connect to elastic search. I am following https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-indexing.html

Other question in this topic were more like permission issues or issue while writing to elasticsearch. For me writing is working fine, only reading is giving me the error

The POST method works all fine and it is adding the indexes. I am making a GET request for search in the same manner

  public void getIndexedRecords(String index,String type,String id,String documentJSON){

        try {
            String endpoint = host +"/" +index+"/_search" ;
            // Builds the request. We need an AWS service, URI, HTTP method, and request
            // body (in this case, JSON).

            Request<?> request = new DefaultRequest<Void>(service);
            request.setEndpoint(new URI(endpoint));
            request.setHttpMethod(HttpMethodName.GET);
            request.setContent(new ByteArrayInputStream(documentJSON.getBytes()));

            // Retrieves our credentials from the computer. For more information on where
            // this class looks for credentials, see
            // http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html.

            String accessKey = CommonUtils.getCommonProperty("accessKey", "");
            String secretKey = CommonUtils.getCommonProperty("secretKey", "");;
            AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);

            // Signs the request using our region, service, and credentials. AWS4Signer
            // modifies the original request rather than returning a new request.

            AWS4Signer signer = new AWS4Signer();
            signer.setRegionName(region);
            signer.setServiceName(service);
            signer.sign(request, creds);
            request.addHeader("Content-Type", "application/json");

            // Creates and configures the HTTP client, creates the error and response
            // handlers, and finally executes the request.

            ClientConfiguration config = new ClientConfiguration();
            config.setProtocol(Protocol.HTTPS);
            AmazonHttpClient client = new AmazonHttpClient(config);
            System.out.println(client);
            ExecutionContext context = new ExecutionContext(true);
            ESAWSErrorHandler errorHandler = new ESAWSErrorHandler();
            ESAWSResponseHandler<Void> responseHandler = new ESAWSResponseHandler<Void>();
            client.requestExecutionBuilder().executionContext(context).errorResponseHandler(errorHandler).request(request)
                    .execute(responseHandler);
        } catch (Exception e) {
            e.printStackTrace();
        }


    }

But it gives me a 403 forbidden error. When I do Curl XGET with my endpoint url I am getting the result. What am I doing wrong here?

com.amazonaws.AmazonServiceException: (Service: null; Status Code: 403; Error Code: Forbidden; Request ID: null) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699) at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667) at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)

Answer 1

I guess you would need es:ESHttpGet in your ES policy.

Reference:
Amazon Elasticsearch Service Access Control
Control Access to Your Amazon Elasticsearch Service Domain