堆栈内存溢出
  简体   繁体   English

Elasticsearch 服务与 Cognito — 如何通过 Python HTTP 请求访问

[英]Elasticsearch Service with Cognito — how to access via Python HTTP request

 原文  2021-01-08 04:35:46       python/ amazon-web-services/ elasticsearch

问题描述

I recently setup an Elasticsearch service and configured it to use Cognito for identify management.我最近设置了一个 Elasticsearch 服务并将其配置为使用 Cognito 进行身份管理。 I followed this guide and so far everything is working exactly as expected.我遵循了本指南,到目前为止一切都按预期工作。 I'm able to add new users as expected, and they can access Kibana as expected.我能够按预期添加新用户,他们可以按预期访问 Kibana。

However, I would also like to use Python to interact with the Elasticsearch service.但是,我还想使用 Python 与 Elasticsearch 服务进行交互。 I've following this guide , but I get permission errors about not having the right access.我已遵循本指南,但我收到有关没有正确访问权限的权限错误。

from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_aws4auth import AWS4Auth
import boto3

host = 'hostname.us-east-2.es.amazonaws.com/'
region = 'us-east-2'
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)

es = Elasticsearch(
    hosts = [{'host': host, 'port': 443}],
    http_auth = awsauth,
    use_ssl = True,
    verify_certs = True,
    connection_class = RequestsHttpConnection
)

print(es.info())

AuthorizationException: AuthorizationException(403, 'security_exception', 'no permissions for [indices:admin/get] and User [name=arn:aws:iam::12345678:user/username, backend_roles=[], requestedTenant=null]')

I'm not sure if the issue is related to the way that I have Conginto configured, or if it's related to the way that I'm submitting this request.我不确定问题是否与我配置 Conginto 的方式有关,或者是否与我提交此请求的方式有关。 Any help on figuring out where my issue might be would be greatly appreciated.任何有关找出我的问题可能出在哪里的帮助将不胜感激。

1 个解决方案

解决方案1
 1 已采纳  2021-01-12 22:36:38

It happened to me too.它也发生在我身上。 There are two ways I found, you have to create an IAM user for both of them.我找到了两种方法,您必须为它们创建一个 IAM 用户。

  • Open IAM console and give necessary policies to IAM user for reaching your elasticsearch domain (or I attached "AdministratorAccess" policy only (It gives all access of AWS)), then you should use credentials of this IAM account.打开 IAM 控制台并为 IAM 用户提供必要的策略以访问您的 elasticsearch 域(或者我仅附加了“AdministratorAccess”策略(它提供 AWS 的所有访问权限)),然后您应该使用此 IAM 帐户的凭证。
  • Or open kibana -> security -> roles -> click all_access role -> mapped_users -> manage_mapping.或者打开kibana -> security -> roles -> 点击all_access role -> mapped_users -> manage_mapping。 Then you should add arn of your IAM user to backend roles.然后,您应该将 IAM 用户的 arn 添加到后端角色。 You have to use this user's credentials not "boto3.Session().get_credentials()" on your code to connect ES.您必须在代码上使用此用户的凭据而不是“boto3.Session().get_credentials()”来连接 ES。 I suggest the second one if you are not familiar with IAM roles and policies.如果您不熟悉 IAM 角色和策略,我建议您使用第二个。

您应该在 kibana 中转到此页面:

您可以使用此按钮为 IAM 用户创建凭证

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何通过python http请求发送大型JSON文件 - How to send a large JSON file via python http request 通过HTTP请求运行Python Scrapy脚本 - Run Python Scrapy script via HTTP request 如何访问 http 请求的正文 - How to access the body of an http request 使用服务主体通过 python 访问 Sharepoint - Access Sharepoint via python using service principal 如何为Python Elasticsearch mSearch创建请求体 - How to create request body for Python Elasticsearch mSearch 如何在Python中使用发布请求在Elasticsearch中建立索引? - How to index in elasticsearch using post request in Python? 如何在python中发送此http请求? - How to send this http request in python? 如何将http请求转换为Python? - How to convert http request to Python? 如何通过单个 HTTP 请求获取 Python 最新稳定版本的版本号? - How to get the version number of the latest stable release of Python via single HTTP request? 如何通过HTTP身份验证访问datahug API? - How to access datahug API via HTTP Authentication?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM