我正在尝试找到一个如何连接到node.js中的AWS ES实例的示例,然后通过一个简单的请求访问ES集群。
我正在尝试使用elasticsearch node软件包以及一个名为http-aws- es的开源插件来执行此操作。
我已经将aws ES访问策略配置为如下所示:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<account-id>:root" }, "Action": "es:*", "Resource": "example-domain.us-east-1.es.amazonaws.com:<account-id>:domain/*" }, { "Sid": "", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "example-domain.us-east-1.es.amazonaws.com:<account-id>:domain/*", "Condition": { "IpAddress": { "aws:SourceIp": "<my-ip>" } } } ] }
因此,我希望能够通过IP地址或链接到我的AWS帐户的IAM用户在es实例上发出放置和获取请求。
我在node.js中尝试以下代码:
var aws_access_key = 'example'; var aws_secret_key = 'key'; var es = require('elasticsearch').Client({ hosts: 'example-domain.us-east-1.es.amazonaws.com', connectionClass: require('http-aws-es'), amazonES: { region: 'us-east-1', accessKey: aws_access_key, secretKey: aws_secret_key } }); es.ping({ // ping usually has a 3000ms timeout requestTimeout: Infinity, // undocumented params are appended to the query string hello: "elasticsearch!" }, function (error) { if (error) { console.log(error); console.trace('elasticsearch cluster is down!'); } else { console.log('All is well'); } });
当前返回授权错误:
{ [Error: Authorization Exception] status: 403, displayName: 'AuthorizationException', message: 'Authorization Exception' }
我还没有看到通过在node.js中使用签名策略来使用aws ES实例的有效示例。有人有见识吗?
事实证明,除了一步之遥,我几乎可以正确回答问题中的所有内容。
上面的代码中与aws_access_key和关联的IAM用户aws_secret_key必须具有特定的权限才能与elasticsearch实例进行交互。因此,我登录到AWS控制台,并向需要与elasticsearch实例进行交互的IAM用户添加了以下策略
aws_access_key
aws_secret_key
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1480915344000", "Effect": "Allow", "Action": [ "es:*" ], "Resource": [ "arn:aws:es:us-east-1:<account-id>:domain/*" ] } ] }
