在 AWS 弹性搜索上 {"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"}
On AWS elastic search {"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"}
我已经创建了 AWS elasticsearch 域
https://search-xx-xx.us-east-1.es.amazonaws.com/
点击下面的 elastic url 和 kibana 是我得到的错误
{"消息":"用户:匿名无权执行:es:ESHttpGet"}
下面是工作正常的代码
import boto3
from requests_aws4auth import AWS4Auth
from elasticsearch import Elasticsearch, RequestsHttpConnection
session = boto3.session.Session()
credentials = session.get_credentials()
awsauth = AWS4Auth(credentials.access_key,
credentials.secret_key,
session.region_name, 'es',
session_token=credentials.token)
es = Elasticsearch(
['https://search-testelastic-2276kyz2u4l3basec63onfq73a.us-east-1.es.amazonaws.com'],
http_auth=awsauth,
use_ssl=True,
verify_certs=True,
connection_class=RequestsHttpConnection
)
def lambda_handler(event, context):
es.cluster.health()
es.indices.create(index='my-index', ignore=400)
r = [{'Name': 'Dr. Christopher DeSimone', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Tajwar Aamir (Aamir)', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Bernard M. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Eliana M. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Joseph J. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Michael R. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Darryl H. Aarons', 'Specialised and Location': 'Health'},
{'Name': 'Dr. William B. Aarons', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Sirike T. Aasmaa', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Jacobo A. Abadi', 'Specialised and Location': 'Health'}]
for e in enumerate(r):
es.index(index="my-index", body=e[1])
以下是访问策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "*"
}
}
}
]
}
此错误表明您的 ElasticSearch 服务不支持匿名请求(未使用有效 IAM 凭据签名的请求)。
尽管您的政策看起来不错,但官方允许所有政策如下所示
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*"
}
]
}
Postman尝试使用AWS Signature认证方式,进行测试
我已经创建了 AWS elasticsearch 域
https://search-xx-xx.us-east-1.es.amazonaws.com/
点击下面的 elastic url 和 kibana 是我得到的错误
{"消息":"用户:匿名无权执行:es:ESHttpGet"}
下面是工作正常的代码
import boto3
from requests_aws4auth import AWS4Auth
from elasticsearch import Elasticsearch, RequestsHttpConnection
session = boto3.session.Session()
credentials = session.get_credentials()
awsauth = AWS4Auth(credentials.access_key,
credentials.secret_key,
session.region_name, 'es',
session_token=credentials.token)
es = Elasticsearch(
['https://search-testelastic-2276kyz2u4l3basec63onfq73a.us-east-1.es.amazonaws.com'],
http_auth=awsauth,
use_ssl=True,
verify_certs=True,
connection_class=RequestsHttpConnection
)
def lambda_handler(event, context):
es.cluster.health()
es.indices.create(index='my-index', ignore=400)
r = [{'Name': 'Dr. Christopher DeSimone', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Tajwar Aamir (Aamir)', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Bernard M. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Eliana M. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Joseph J. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Michael R. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Darryl H. Aarons', 'Specialised and Location': 'Health'},
{'Name': 'Dr. William B. Aarons', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Sirike T. Aasmaa', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Jacobo A. Abadi', 'Specialised and Location': 'Health'}]
for e in enumerate(r):
es.index(index="my-index", body=e[1])
以下是访问策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "*"
}
}
}
]
}
此错误表明您的 ElasticSearch 服务不支持匿名请求(未使用有效 IAM 凭据签名的请求)。
尽管您的政策看起来不错,但官方允许所有政策如下所示
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*"
}
]
}
Postman尝试使用AWS Signature认证方式,进行测试