【发布时间】:2016-03-01 21:05:34
【问题描述】:
我正在尝试从 EC2 实例连接到我的 ES 集群,并已将我的 IAM 策略配置为接受来自我的密钥/密钥对的请求。我正在使用 ruby 尝试对服务进行查询并不断收到 403 'User: anonymous is not authorized to perform: es:ESHttpGet on resource:arn...'
我的代码如下所示:
require 'faraday_middleware/aws_signers_v4'
client = Elasticsearch::Client.new url: 'https://myEScluster.es.amazonaws.com' do |f|
f.request :aws_signers_v4,
credentials: Aws::Credentials.new('mykey', 'mysecret'),
service_name: 'es',
region: 'us-east-1'
end
当我尝试执行 client.search 时出现错误。我查看了 ES gem 的所有 github 问题和文档,其中说要做我正在尝试的事情: “您可以在配置块中使用任何标准的 Faraday 中间件和插件,例如签署 AWS Elasticsearch 服务的请求:”
require 'patron'
require 'faraday_middleware/aws_signers_v4'
client = Elasticsearch::Client.new url: 'https://search-my-cluster-abc123....es.amazonaws.com' do |f|
f.request :aws_signers_v4,
credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY'], ENV['AWS_SECRET_ACCESS_KEY']),
service_name: 'es',
region: 'us-east-1'
end
如您所见,几乎相同。我也试过这些:
https://github.com/elastic/elasticsearch-ruby/issues/232
https://github.com/elastic/elasticsearch-ruby/pull/235
还有一件事,这是我的 ES 服务安全策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "myarn"
},
"Action": "es:*",
"Resource": "myresourcearn/*"
}
]
}
不幸的是,亚马逊缺乏这方面的文档,并且他们的服务 api 仅提供基本的维护功能。谁能帮帮我?
提前致谢!
【问题讨论】:
标签: ruby amazon-web-services elasticsearch