AWS权限错误...Kinesis Firehose未向Elasticsearch…发送数据

Question

我在kinesis firehose的CloudWatch日志中看到以下错误

{
    "deliveryStreamARN": "arn:aws:firehose:us-west-2:917877325894:deliverystream/test_dynamodb",
    "destination": "arn:aws:es:us-west-2:917877325894:domain/test-dynamodb2",
    "deliveryStreamVersionId": 1,
    "message": "Error received from Elasticsearch cluster. {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"no permissions for [indices:data/write/bulk] and User [name=arn:aws:iam::917877325894:role/firehose_delivery_role2, backend_roles=[arn:aws:iam::917877325894:role/firehose_delivery_role2], requestedTenant=null]\"}],\"type\":\"security_exception\",\"reason\":\"no permissions for [indices:data/write/bulk] and User [name=arn:aws:iam::917877325894:role/firehose_delivery_role2, backend_roles=[arn:aws:iam::917877325894:role/firehose_delivery_role2], requestedTenant=null]\"},\"status\":403}",
    "errorCode": "ES.ServiceException"
}

我已经将所有不同的策略添加到附加到Firehose的角色，但仍然收到相同的错误。(顺便说一句，角色是由firehose自己创建的，但我也尝试添加更多策略，但没有不同的结果)

我还为elasticsearch域制定了开放访问策略

以前有没有人遇到过同样的情况？

Answer 1

我也有同样的问题，故障排除的说明在这里

https://aws.amazon.com/premiumsupport/knowledge-center/es-troubleshoot-cloudwatch-logs/

转到Kibana并添加您的all_access映射。瞧。