python - 在 AWS 弹性搜索 {"Message":"User:anonymous is not authorized to perform:es:ESHttpGet"}
问题描述
我创建了 AWS elasticsearch 域
https://search-xx-xx.us-east-1.es.amazonaws.com/
单击下面的弹性 url 和 kibana 是我得到的错误
{"Message":"用户:anonymous 无权执行:es:ESHttpGet"}
下面是工作正常的代码
import boto3
from requests_aws4auth import AWS4Auth
from elasticsearch import Elasticsearch, RequestsHttpConnection
session = boto3.session.Session()
credentials = session.get_credentials()
awsauth = AWS4Auth(credentials.access_key,
credentials.secret_key,
session.region_name, 'es',
session_token=credentials.token)
es = Elasticsearch(
['https://search-testelastic-2276kyz2u4l3basec63onfq73a.us-east-1.es.amazonaws.com'],
http_auth=awsauth,
use_ssl=True,
verify_certs=True,
connection_class=RequestsHttpConnection
)
def lambda_handler(event, context):
es.cluster.health()
es.indices.create(index='my-index', ignore=400)
r = [{'Name': 'Dr. Christopher DeSimone', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Tajwar Aamir (Aamir)', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Bernard M. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Eliana M. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Joseph J. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Michael R. Aaron', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Darryl H. Aarons', 'Specialised and Location': 'Health'},
{'Name': 'Dr. William B. Aarons', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Sirike T. Aasmaa', 'Specialised and Location': 'Health'},
{'Name': 'Dr. Jacobo A. Abadi', 'Specialised and Location': 'Health'}]
for e in enumerate(r):
es.index(index="my-index", body=e[1])
以下是访问策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "*"
}
}
}
]
}
解决方案
此错误表明您的 ElasticSearch 服务不支持匿名请求(未使用有效 IAM 凭证签名的请求)。
尽管您的政策看起来不错,但官方允许所有政策如下所示
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*"
}
]
}
推荐阅读
- .net - 如何获取进程的线程并将其显示在列表中
- sql-server - SQL Server Management Studio 中有什么方法可以选择多行吗?
- c# - 根据记录动态显示组合框项
- arrays - 约束 ASN.1 中 SEQUENCE OF 类型的索引
- mysql - 如何检查当前用户是否对 MySQL/MariaDB 有一定的权限?
- python-3.x - 如何将(纬度,经度)字符串列转换为浮点列?
- php - 如何将docx文件转换为PDF?
- wso2 - WSO2 API Manager Store WebApp 很慢
- c# - LiveCharts 图例颜色与系列颜色不匹配,我该如何解决?
- python - 如何使用 Python 将网站上的多个 Excel 工作表下载到 Pandas DataFrame 中