[英]Connecting to Elasticsearch - Amazon Elasticsearch service - IAM user
我选择了“允许访问一个或多个AWS账户或IAM用户”
我的访问政策
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678910:user/elastic"
},
"Action": "es:*",
"Resource": "arn:aws:es:eu-west-1:123456789:domain/elastic-cluster/*"
}
]
}
我创建了一个IAM配置文件-
user - elastic
password -hisdfdsfds
Access key Id - sdsfdssdfdsfdsfdsfsdfsd
Secret Access Key - sdsfdsfdsfsdfdsfds
当我尝试连接时
$params = array();
$params['hosts'] = array (
'search-elastic-cluster-sdfsdfsdfs.eu-east.es.amazonaws.com:80',
);
$client = new Elasticsearch\Client($params);
它引发以下错误:
{"Message":"User: anonymous is not authorized to perform: es:ESHttpPost on resource: arn:aws:es:eu-west-1:dsfdsfsdfsdsd:domain/elastic-cluster/sdsfsfds/sdfdsfdssd/_search"}
我发现可以通过已签名的版本4签名请求来访问它。 我尝试这样做,但是不能。 也许方法是错误的。
如果有人在创建对Elasticsearch域的签名版本4请求中提出建议,我会很高兴。 使用我上面所述的参数的示例将非常有帮助。 提前致谢。
应用程序需要签署去Elasticsearch的请求。 适用于您选择的语言的AWS开发工具包应具有创建签名请求凭证的方法。
当您向您的请求提供凭据时,应该没问题,一切顺利。
这是使用javascript sdk的代码段:
var AWS = require('aws-sdk'); var creds = new AWS.EnvironmentCredentials('AWS'); var esDomain = { region: 'us-east-1', endpoint: 'yoursearchdomain.region.amazonaws.com', index: 'myindex', doctype: 'mytype' }; var endpoint = new AWS.Endpoint(esDomain.endpoint); var req = new AWS.HttpRequest(endpoint); req.method = 'POST'; req.path = path.join('/', esDomain.index, esDomain.doctype); req.region = esDomain.region; req.headers['presigned-expires'] = false; req.headers['Host'] = endpoint.host; req.headers['Content-Type'] = 'application/json'; req.body = doc; var signer = new AWS.Signers.V4(req , 'es'); signer.addAuthorization(creds, new Date()); var send = new AWS.NodeHttpClient(); send.handleRequest(req, null, function(httpResp) { var respBody = ''; httpResp.on('data', function (chunk) { respBody += chunk; }); httpResp.on('end', function (chunk) { console.log('Response: ' + respBody); context.succeed('Lambda added document ' + doc); }); }, function(err) { console.log('Error: ' + err); context.fail('Lambda failed with error ' + err); });
带有Amazon Elasticsearch Service的JHipster Elasticsearch
[英]JHipster Elasticsearch with Amazon Elasticsearch Service
如何在Amazon Elasticsearch Service中检查Elasticsearch日志?
[英]How to check Elasticsearch logs in Amazon Elasticsearch Service?
Django-Haystack使用Amazon Elasticsearch托管和IAM凭证
[英]Django-Haystack using Amazon Elasticsearch hosting with IAM credentials
Kibana将无法通过Amazon的Elasticsearch Service连接到Elasticsearch
[英]Kibana won't connect to Elasticsearch on Amazon's Elasticsearch Service
AWS Cloudwatch 将 Stream 记录到 Amazon Elasticsearch 服务
[英]AWS Cloudwatch Logs Stream to Amazon Elasticsearch Service
Filebeat 无法连接到 Amazon Elasticsearch 服务
[英]Filebeat failed to connect to Amazon Elasticsearch Service
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.