AWS Elasticsearch服务未获授权执行滚动
AWS Elasticsearch服务未获授权执行滚动
提问于 2016-05-08 15:06:24
我正在尝试使用elasticdump从AWS Elasticsearch Service复制索引:
elasticdump --input=https://xxx.xx-xxx-x.es.amazonaws.com/my_index --output=my_index.json政策的相关部分:
...
"Action": "es:*",
"Resource": [
"arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster/*",
"arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster",
"arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster/_search/scroll"
]
...在100个对象之后,我得到:
{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet on resource: arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster/_search/scroll"}为什么AWS阻止我滚动?
回答 1
Stack Overflow用户
发布于 2016-06-16 14:54:05
您可能需要添加将访问ES的计算机的IP,以生成我遇到的类似问题的转储,并添加IP修复我的问题我的策略类似于:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<AWSACCOUNT>:root"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-1:<AWSACCOUNT>:domain/<domain>/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "*",
"Resource": [
"arn:aws:es:<AWSACCOUNT>:domain/<domain>/*",
"arn:aws:es:<AWSACCOUNT>:domain/<domain>/_search/scroll"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
<IP1>,
<IP2>,
<...>
]
}
}
}
]
}也许您需要在命令行中设置端口
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/37097188
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号