Appsync + Elasticsearch:执行对 OpenSearch 的请求时出现通信错误
Appsync + Elasticsearch : Communication error while executing a request to OpenSearch
我正在尝试在 Appsync (graphql) 和 ElasticSearch(V7.10) 之间快速进行 poc,但是当 Appsync(resolver) 尝试调用 ES 时出现以下通信错误。它是一个简单的 graphql 查询。
我尝试按照本教程学习此 poc:https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-elasticsearch-resolvers.html
appsync 和elasticsearch 都启用了Cloudwatch Logs,但关于这个错误的不多。
非常感谢对此的任何帮助。
详情如下
ES:版本 7.10(也尝试使用 OpenSearch 1.0,但同样的错误),它在 vpc 中,appsync 是在与 vpc 相同的区域创建的。
错误:
{
"data": {
"allPosts": null
},
"errors": [
{
"path": [
"allPosts"
],
"data": null,
"errorType": "OpenSearch:RuntimeException",
"errorInfo": null,
"locations": [
{
"line": 2,
"column": 3,
"sourceName": null
}
],
"message": "Communication error while executing a request to OpenSearch."
}
]
}
请求映射模板(解析器)
{
"version":"2017-02-28",
"operation":"GET",
"path":"/item_catlog_001/_doc/_search",
"params":{
"body": {
"from": 0,
"size": 50,
"query": {
"match_all": {}
}
}
}
}
IAM 在 Appsync 端的作用
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"es:ESHttpDelete",
"es:ESHttpHead",
"es:ESHttpGet",
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": [
"arn:aws:es:ap-southeast-2:*:domain/helloworld/*"
]
}
]
}
信任关系
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
ES/OS 端的访问策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:ap-southeast-2:*:domain/helloworld/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::*:role/service-role/appsync-ds-es-57leg5-vpc-helloworld-o53f5"
},
"Action": [
"es:ESHttpDelete",
"es:ESHttpHead",
"es:ESHttpGet",
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": "arn:aws:es:ap-southeast-2:*:domain/helloworld/*"
}
]
}
谢谢
瓦苏
如果您在 VPC 后面安装了 ElasticSearch,您将看到此错误。看看这个
AWS AppSync supports using Amazon OpenSearch Service from domains that you have provisioned in your own AWS account, provided they don’t exist inside a VPC
https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-elasticsearch-resolvers.html
这也是一个困扰我的问题 - 我设法解决的最佳解决方案是在与弹性搜索相同的 VPC 后面创建一个 lambda 代理;让 lambda 接受您的 ES 搜索字符串并将其传递给您的 AppSync 解析器 return - AppSync 可以在 VPC 后面使用 lambda(但由于某些原因不能使用 OpenSearch)
我正在尝试在 Appsync (graphql) 和 ElasticSearch(V7.10) 之间快速进行 poc,但是当 Appsync(resolver) 尝试调用 ES 时出现以下通信错误。它是一个简单的 graphql 查询。
我尝试按照本教程学习此 poc:https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-elasticsearch-resolvers.html
appsync 和elasticsearch 都启用了Cloudwatch Logs,但关于这个错误的不多。 非常感谢对此的任何帮助。
详情如下
ES:版本 7.10(也尝试使用 OpenSearch 1.0,但同样的错误),它在 vpc 中,appsync 是在与 vpc 相同的区域创建的。
错误:
{
"data": {
"allPosts": null
},
"errors": [
{
"path": [
"allPosts"
],
"data": null,
"errorType": "OpenSearch:RuntimeException",
"errorInfo": null,
"locations": [
{
"line": 2,
"column": 3,
"sourceName": null
}
],
"message": "Communication error while executing a request to OpenSearch."
}
]
}
请求映射模板(解析器)
{
"version":"2017-02-28",
"operation":"GET",
"path":"/item_catlog_001/_doc/_search",
"params":{
"body": {
"from": 0,
"size": 50,
"query": {
"match_all": {}
}
}
}
}
IAM 在 Appsync 端的作用
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"es:ESHttpDelete",
"es:ESHttpHead",
"es:ESHttpGet",
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": [
"arn:aws:es:ap-southeast-2:*:domain/helloworld/*"
]
}
]
}
信任关系
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
ES/OS 端的访问策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:ap-southeast-2:*:domain/helloworld/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::*:role/service-role/appsync-ds-es-57leg5-vpc-helloworld-o53f5"
},
"Action": [
"es:ESHttpDelete",
"es:ESHttpHead",
"es:ESHttpGet",
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": "arn:aws:es:ap-southeast-2:*:domain/helloworld/*"
}
]
}
谢谢
瓦苏
如果您在 VPC 后面安装了 ElasticSearch,您将看到此错误。看看这个
AWS AppSync supports using Amazon OpenSearch Service from domains that you have provisioned in your own AWS account, provided they don’t exist inside a VPC
https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-elasticsearch-resolvers.html
这也是一个困扰我的问题 - 我设法解决的最佳解决方案是在与弹性搜索相同的 VPC 后面创建一个 lambda 代理;让 lambda 接受您的 ES 搜索字符串并将其传递给您的 AppSync 解析器 return - AppSync 可以在 VPC 后面使用 lambda(但由于某些原因不能使用 OpenSearch)