时间戳

首页 > 解决方案 > 在 AWS 弹性搜索 {"Message":"User:anonymous is not authorized to perform:es:ESHttpGet"}

python - 在 AWS 弹性搜索 {"Message":"User:anonymous is not authorized to perform:es:ESHttpGet"}

问题描述

我创建了 AWS elasticsearch 域

https://search-xx-xx.us-east-1.es.amazonaws.com/

单击下面的弹性 url 和 kibana 是我得到的错误

{"Message":"用户:anonymous 无权执行:es:ESHttpGet"}

在此处输入图像描述

下面是工作正常的代码

import boto3
from requests_aws4auth import AWS4Auth
from elasticsearch import Elasticsearch, RequestsHttpConnection
session = boto3.session.Session()
credentials = session.get_credentials()

awsauth = AWS4Auth(credentials.access_key,
                   credentials.secret_key,
                   session.region_name, 'es',
                   session_token=credentials.token)
es = Elasticsearch(
    ['https://search-testelastic-2276kyz2u4l3basec63onfq73a.us-east-1.es.amazonaws.com'],
    http_auth=awsauth,
    use_ssl=True,
    verify_certs=True,
    connection_class=RequestsHttpConnection
)


def lambda_handler(event, context):
    es.cluster.health()
    es.indices.create(index='my-index', ignore=400)
    r = [{'Name': 'Dr. Christopher DeSimone', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. Tajwar Aamir (Aamir)', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. Bernard M. Aaron', 'Specialised and Location': 'Health'},
 {'Name': 'Eliana M. Aaron', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. Joseph J. Aaron', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. Michael R. Aaron', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. Darryl H. Aarons', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. William B. Aarons', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. Sirike T. Aasmaa', 'Specialised and Location': 'Health'},
 {'Name': 'Dr. Jacobo A. Abadi', 'Specialised and Location': 'Health'}]
    for e in enumerate(r):
         es.index(index="my-index", body=e[1])

以下是访问策略

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "*"
        }
      }
    }
  ]
}

标签: pythonamazon-web-servicesaws-lambdaaws-elasticsearch

解决方案

此错误表明您的 ElasticSearch 服务不支持匿名请求(未使用有效 IAM 凭证签名的请求)。

尽管您的政策看起来不错,但官方允许所有政策如下所示

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*"
    }
  ]
}

推荐阅读