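I have deployed an ElasticSearch instance in AWS that can be accessed via pulse. I can easily query data on localhost, but when I deploy on AWS Lambda, I receive the following error:
Message: "User: arn:aws:sts::xxxxxxxx:assumed-role/infrastructure-dev-us-east-2-lambdaRole/zeong-immigration-infrastructure-dev-app is not authorized to perform: es:ESHttpPost because no identity-based policy allows the es:ESHttpPost action"
Here is my blog: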
```yaml
# Identity-based policy attached to the Lambda execution role
iamRoleStatements:
  - Effect: Allow
    Action:
      - es:ESHttpPost
      - es:ESHttpPut
      - es:ESHttpDelete
      - es:ESHttpGet
    Resource:
      - { 'Fn::GetAtt': ['ElasticSearchInstance', 'DomainArn'] }
      - {
          'Fn::Join':
            [
              '',
              [
                { 'Fn::GetAtt': ['ElasticSearchInstance', 'DomainArn'] },
                '/*',
              ],
            ],
        }
    Condition:
      IpAddress:
        aws:SourceIp:
          - '0.0.0.0' # Whitelisted IP

resources:
  Resources:
    ElasticSearchInstance:
      Type: AWS::Elasticsearch::Domain
      Properties:
        EBSOptions:
          EBSEnabled: true
          VolumeType: gp2
          VolumeSize: 10
        ElasticsearchClusterConfig:
          InstanceType: t2.small.elasticsearch
          InstanceCount: 1
          DedicatedMasterEnabled: false
          ZoneAwarenessEnabled: false
        ElasticsearchVersion: 5.3
        # Resource-based (domain access) policy
        AccessPolicies:
          Version: '2012-10-17'
          Statement:
            - Effect: 'Allow'
              Principal:
                AWS: '*'
              Action: 'es:*'
              Resource: '*'
              Condition:
                IpAddress:
                  aws:SourceIp: ['182.177.251.40', '103.115.199.162']
        AdvancedOptions:
          rest.action.multi.allow_explicit_index: 'true'
```
Please help.
2 Answers
zdwk9cvp1#
Try setting the ActionPolicies action to
It looks like you forgot the "[]".
See the documentation here: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html
7vhp5slm2#
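I was able to resolve the above issue by using principal in the ElasticSearch instance, as mentioned here
That still did not resolve the error, so finally, after removing
from the IamRoleStatement, I was able to resolve the issue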
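An added example (not code from the thread): a simplified Python model of how the `IpAddress` conditions in the two posted policies match a request, showing that `'0.0.0.0'` written without a prefix is a single /32 address, so the role statement yields no Allow for a real source IP. The Lambda egress address, the dictionary layout and the function names are constructed assumptions; real IAM evaluation has more inputs.

```python
import ipaddress

# Constructed model of the two Allow statements posted in the question.
ROLE_STATEMENT = {  # identity-based policy (iamRoleStatements)
    "Action": ["es:ESHttpPost", "es:ESHttpPut", "es:ESHttpDelete", "es:ESHttpGet"],
    "SourceIp": ["0.0.0.0"],
}
DOMAIN_STATEMENT = {  # resource-based policy (AccessPolicies)
    "Action": ["es:*"],
    "SourceIp": ["182.177.251.40", "103.115.199.162"],
}
LAMBDA_EGRESS_IP = "198.51.100.7"  # constructed sample address (TEST-NET-2)


def ip_condition_matches(cidrs, source_ip):
    """IpAddress operator: true if source_ip is inside any listed CIDR.
    An address given without a prefix is treated as /32 (one host)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def action_matches(patterns, action):
    """Exact match, or a trailing-* wildcard such as es:*."""
    return any(
        p == action or (p.endswith("*") and action.startswith(p[:-1]))
        for p in patterns
    )


def statement_allows(stmt, action, source_ip):
    """An Allow statement applies only if action and condition both match."""
    if not action_matches(stmt["Action"], action):
        return False
    cidrs = stmt.get("SourceIp")  # no condition means no IP restriction
    return cidrs is None or ip_condition_matches(cidrs, source_ip)


def evaluate(action, source_ip, role_stmt=ROLE_STATEMENT, domain_stmt=DOMAIN_STATEMENT):
    """Report, per policy, whether its Allow statement matches the request."""
    return {
        "identity_policy": statement_allows(role_stmt, action, source_ip),
        "domain_policy": statement_allows(domain_stmt, action, source_ip),
    }


if __name__ == "__main__":
    print("from listed IP:   ", evaluate("es:ESHttpPost", "182.177.251.40"))
    print("from Lambda:      ", evaluate("es:ESHttpPost", LAMBDA_EGRESS_IP))
    no_condition = {"Action": ROLE_STATEMENT["Action"]}  # role statement without Condition
    print("without Condition:", evaluate("es:ESHttpPost", LAMBDA_EGRESS_IP, role_stmt=no_condition))
```

In this model the Lambda request gets no matching Allow from either policy, which is consistent with the "no identity-based policy allows the es:ESHttpPost action" message in the question.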