【发布时间】:2021-08-23 19:30:21
【问题描述】:
我已将我的 elasticsearch yml 文件(通过无服务器部署)设置如下:
Resources:
CRMSearch:
Type: "AWS::Elasticsearch::Domain"
Properties:
ElasticsearchVersion: "7.10"
DomainName: "crm-searchdb-${self:custom.stage}"
ElasticsearchClusterConfig:
DedicatedMasterEnabled: false
InstanceCount: "1"
ZoneAwarenessEnabled: false
InstanceType: "t3.medium.elasticsearch"
EBSOptions:
EBSEnabled: true
Iops: 0
VolumeSize: 10
VolumeType: "gp2"
AccessPolicies:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
AWS: [
"arn:aws:iam::#{AWS::AccountId}:role/crm-databases-dev-us-east-1-lambdaRole",
'#{AWS::AccountId}',
'arn:aws:iam::#{AWS::AccountId}:user/nicholas',
'arn:aws:iam::#{AWS::AccountId}:user/daniel'
]
Action: "es:*"
Resource: "arn:aws:es:us-east-1:#{AWS::AccountId}:domain/crm-searchdb-${self:custom.stage}"
- Effect: "Allow"
Principal:
AWS: [
"*"
]
Action: "es:*"
Resource: "arn:aws:es:us-east-1:#{AWS::AccountId}:domain/crm-searchdb-${self:custom.stage}"
AdvancedOptions:
rest.action.multi.allow_explicit_index: 'true'
AdvancedSecurityOptions:
Enabled: true
InternalUserDatabaseEnabled: true
MasterUserOptions:
MasterUserName: admin
MasterUserPassword: fD343sfdf!3rf
EncryptionAtRestOptions:
Enabled: true
NodeToNodeEncryptionOptions:
Enabled: true
DomainEndpointOptions:
EnforceHTTPS: true
我只是想通过浏览器访问 Kibana。几个月前,我在以前的公司设置了开放权限 Kibana,但无论我做什么,似乎都无法通过浏览器访问 Kibana。我总是收到{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"} 错误。如何设置权限(最好通过 yml)来完成此操作?
【问题讨论】:
标签: amazon-web-services elasticsearch kibana amazon-iam amazon-elasticsearch