AWS 权限错误…… Kinesis Firehose 没有向 Elasticsearch 发送数据……
[英]AWS permissions error … Kinesis Firehose is not sending data to Elasticsearch…
问题描述
I get this error in CloudWatch logs of kinesis firehose
我在 kinesis firehose 的 CloudWatch 日志中收到此错误
{
"deliveryStreamARN": "arn:aws:firehose:us-west-2:917877325894:deliverystream/test_dynamodb",
"destination": "arn:aws:es:us-west-2:917877325894:domain/test-dynamodb2",
"deliveryStreamVersionId": 1,
"message": "Error received from Elasticsearch cluster. {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"no permissions for [indices:data/write/bulk] and User [name=arn:aws:iam::917877325894:role/firehose_delivery_role2, backend_roles=[arn:aws:iam::917877325894:role/firehose_delivery_role2], requestedTenant=null]\"}],\"type\":\"security_exception\",\"reason\":\"no permissions for [indices:data/write/bulk] and User [name=arn:aws:iam::917877325894:role/firehose_delivery_role2, backend_roles=[arn:aws:iam::917877325894:role/firehose_delivery_role2], requestedTenant=null]\"},\"status\":403}",
"errorCode": "ES.ServiceException"
}
I have added all different policies to the role attached to Firehose but still getting the same error.(btw the role was made by firehose itself but I tried also adding more policies with no different result)我已将所有不同的策略添加到附加到 Firehose 的角色中,但仍然出现相同的错误。(顺便说一下,该角色是由 firehose 本身创建的,但我也尝试添加更多策略但没有不同的结果)
I also have open access policy for the elasticsearch domain我也有 elasticsearch 域的开放访问策略
Did anyone face the same thing before?以前有人遇到过同样的事情吗?
1 个解决方案
解决方案1
0 2020-12-18 17:52:42
I had the same problem, instructions for troubleshooting are here我有同样的问题,故障排除说明在这里
https://aws.amazon.com/premiumsupport/knowledge-center/es-troubleshoot-cloudwatch-logs/ https://aws.amazon.com/premiumsupport/knowledge-center/es-troubleshoot-cloudwatch-logs/
Go to Kibana and add your all_access mapping. Go 到 Kibana 并添加您的all_access映射。 Voila.瞧。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.