amazon-web-services - 从不同的 s3 区域恢复弹性搜索快照
问题描述
我在区域中有一个 AWS ElasticSearch 域,eu-west-1并且snapshot在同一区域也有一个 S3 存储桶子文件夹。
我还在另一个 aws 区域部署了第二个 AWS ElasticSearch 域 - eu-west-2.
在存储桶之间添加了 S3 存储桶复制,但是当我尝试在eu-west-2AWS ES 域上注册存储库时,出现以下错误:
500
{"error":{"root_cause":[{"type":"blob_store_exception","reason":"Failed to check if blob [master.dat] exists"}],"type":"blob_store_exception","reason":"Failed to check if blob [master.dat] exists","caused_by":{"type":"amazon_s3_exception","reason":"Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: 14F0571DFF522922; S3 Extended Request ID: U1OnlKPOkfCNFzoV9HC5WBHJ+kfhAZDMOG0j0DzY5+jwaRFJvHkyzBacilA4FdIqDHDYWPCrywU=)"}},"status":500}
这是我用来在新集群上注册存储库的代码(取自https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-managedomains-snapshots.html#es-managedomains-快照恢复):
import boto3
import requests
from requests_aws4auth import AWS4Auth
host = 'https://search-**es-elk-prod**.eu-west-2.es.amazonaws.com/' # include https:// and trailing /
region = 'eu-west-2' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)
# Register repository
path = '_snapshot/es-elk-prod' # the Elasticsearch API endpoint
url = host + path
payload = {
"type": "s3",
"settings": {
"bucket": "es-prod-eu-west-2",
"region": "eu-west-2",
"role_arn": "arn:aws:iam::1234567:role/EsProd-***-snapshotS3role-***"
}
}
headers = {"Content-Type": "application/json"}
r = requests.put(url, auth=awsauth, json=payload, headers=headers)
print(r.status_code)
print(r.text)
从日志中,我得到:
curl -X GET 'https://search-**es-elk-prod**.eu-west-2.es.amazonaws.com/_snapshot/es-mw-elk-prod/_all?pretty'
{
"error" : {
"root_cause" : [
{
"type" : "amazon_s3_exception",
"reason" : "Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 72A59132E2830D81; S3 Extended Request ID: o0XalToNp19HDJKSOVxmna71hx3LkwoSFEobm3HQGH1HEzxOrAtYHg+asnKxJ03iGSDDhUz5GUI=)"
}
],
"type" : "amazon_s3_exception",
"reason" : "Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 72A59132E2830D81; S3 Extended Request ID: o0XalToNp19HDJKSOVxmna71hx3LkwoSFEobm3HQGH1HEzxOrAtYHg+asnKxJ03iGSDDhUz5GUI=)"
},
"status" : 500
}
能够ARN访问 S3 存储桶,就像ARN我用来将eu-west-2域快照到 S3 一样,因为eu-west-1快照存储在 S3 存储桶上的子文件夹中,我添加了代码的路径,例如:
payload = {
"type": "s3",
"settings": {
"bucket": "es-prod-eu-west-2",
"path": "es-elk-prod",
"region": "eu-west-2",
"role_arn": "arn:aws:iam::1234567:role/EsProd-***-snapshotS3role-***"
}
}
但这也不起作用。
将在一个 aws 区域中创建的快照恢复到另一个 aws 区域的正确方法是什么?
非常感谢任何建议。
解决方案
推荐阅读
- scala - 更新和删除查询在 play-slick 中不起作用
- c# - 无法访问已处置的对象 Asp.net Identity Core
- python - 从源代码安装时,使用 Python 3 和 Windows 安装 Spacy for NLP 会出错
- wordpress - Wordpress 移动菜单插件
- ruby-on-rails - Rails link_to 调用不正确的控制器动作
- swift - 如何在 UI 测试中进行新闻发布?
- flutter - Flutter:ListView禁用触摸屏滚动
- python - 带hwnd的grabWindow返回黑屏
- android-studio - Android Studio 3.1.2 0 - 不再在所有文件中看到错误(红色下划线)
- javascript - 请求模态框帮助