从 Lambda Function 访问 AWS Elasticsearch
[英]Accessing AWS Elasticsearch from Lambda Function
问题描述
I am trying to access my AWS Elasticsearch from a Lambda function.
我正在尝试从 Lambda function 访问我的 AWS Elasticsearch。
Using the Serverless Framework and an IP-based access policy, I was already able to achieve this locally.使用无服务器框架和基于 IP 的访问策略,我已经能够在本地实现这一点。
For the deployed lambda function I tried using the ARN of the Lambda Function Role and the ARN of the Lambda function (the one on the top right when viewing the function in the console) in my access policy. For the deployed lambda function I tried using the ARN of the Lambda Function Role and the ARN of the Lambda function (the one on the top right when viewing the function in the console) in my access policy.
Sadly I still get the following error: User: anonymous is not authorized to perform: es:ESHttpPost可悲的是我仍然收到以下错误: User: anonymous is not authorized to perform: es:ESHttpPost
This is my AWS Access Policy:这是我的 AWS 访问策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn-of-lambda-function-role"
},
"Action": "es:*",
"Resource": "my-resource-arn"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "my-resource-arn",
"Condition": {
"IpAddress": {
"aws:SourceIp": "my-ip"
}
}
}
]
}
1 个解决方案
解决方案1
1 已采纳 2020-04-18 20:20:21
Are you signing your requests to the ES instance?您是否正在签署对 ES 实例的请求? According to the https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-managedomains-signing-service-requests根据https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-managedomains-signing-service-requests
To make calls to the Elasticsearch APIs, you must sign your own requests.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.