Accessing AWS Elasticsearch from Lambda Function
Question
I am trying to access my AWS Elasticsearch from a Lambda function.
Using the Serverless Framework and an IP-based access policy, I was already able to achieve this locally.
For the deployed lambda function I tried using the ARN of the Lambda Function Role and the ARN of the Lambda function (the one on the top right when viewing the function in the console) in my access policy.
Sadly I still get the following error: User: anonymous is not authorized to perform: es:ESHttpPost
This is my AWS Access Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn-of-lambda-function-role"
},
"Action": "es:*",
"Resource": "my-resource-arn"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "my-resource-arn",
"Condition": {
"IpAddress": {
"aws:SourceIp": "my-ip"
}
}
}
]
}
1 answers
solution1
1 ACCPTED 2020-04-18 20:20:21
Are you signing your requests to the ES instance? According to the https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html#es-managedomains-signing-service-requests
To make calls to the Elasticsearch APIs, you must sign your own requests.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.