Amazon web services 如何通过浏览器手动设置AWS ElasticSearch和使用kibana?
我一直在努力设置AWS ES并使用kibana。我跟着 当我到达时,我在运行Amazon web services 如何通过浏览器手动设置AWS ElasticSearch和使用kibana?,amazon-web-services,elasticsearch,Amazon Web Services,elasticsearch,我一直在努力设置AWS ES并使用kibana。我跟着 当我到达时,我在运行curl-XPUT elasticsearch\u domain\u endpoint/movies/\u doc/1-d'{“director”:“Burton,Tim”,“流派”:[“喜剧”,“科幻”],“年份”:1996,“演员”:[“Jack Nicholson”,“Pierce Brosnan”,“Sarah Jessica Parker”],“title:“Mars Attacks!”}'-H”内容类型:ap
curl-XPUT elasticsearch\u domain\u endpoint/movies/\u doc/1-d'{“director”:“Burton,Tim”,“流派”:[“喜剧”,“科幻”],“年份”:1996,“演员”:[“Jack Nicholson”,“Pierce Brosnan”,“Sarah Jessica Parker”],“title:“Mars Attacks!”}'-H”内容类型:application/json'
,如文件所示,获取{“消息”时出错:“用户:匿名未被授权执行:es:eshttput”}
我已将ES的策略设置为:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::my_id:user/my_iam_user"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:my_id:domain/my-domain/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:my_id:domain/my-domain/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [my_ips]
}
}
}
]
}
我从终端调用ifconfig | grep“inet”| grep-v 127.0.0.1
,点击checkip.amazonaws.com
,并在chrome上检查开发者工具->网络(这是3个不同的IP,我都添加了它们)
我还为我的IAM用户添加了以下角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"es:DescribeReservedElasticsearchInstanceOfferings",
"es:DescribeReservedElasticsearchInstances",
"es:ListDomainNames",
"es:PurchaseReservedElasticsearchInstance",
"es:DeleteElasticsearchServiceRole",
"es:ListElasticsearchInstanceTypes",
"es:DescribeElasticsearchInstanceTypeLimits",
"es:ListElasticsearchVersions"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:my_id:domain/my-domain"
}
]
}
我已经在我的机器上设置了AWS CLI,我能够通过AWS es descripe elasticsearch domain--domain my domain
获得正确的结果
尽管如此,我还是未能调用上面的curl XPUT
,也未能访问kibana,原因与{“Message”:“User:anonymous无权执行:es:eshttput”}
在我提出这个问题之前,我读了几篇文章:
但仍然无法让它工作
是否有人可以指导我手动设置AWS ES的整个过程,并能够通过AWS CLI以及浏览器上的kibana对其进行操作?如果能提供详细的分步指南,而不是抛出aws文档,我将不胜感激。非常感谢。原来我使用的IP不正确。我应该在不使用VPN的情况下调用
checkip.amazonaws.com
,IP可能会随之改变。有关ES的策略应如下所示:
*另外,请确保您在同一个浏览器上调用
checkip.amazonaws.com
(如果您使用的是chrome,则也是同一个用户)结果表明我使用的IP不正确。我应该在不使用VPN的情况下调用checkip.amazonaws.com
,IP可能会随之改变。有关ES的策略应如下所示:
*另外,请确保您在同一浏览器上调用
checkip.amazonaws.com
(如果您使用的是chrome浏览器,则也是同一用户)几次尝试后,我认为核心问题是如何为aws:SourceIp
获取正确的IP。几次尝试后,我认为核心问题是如何为aws:SourceIp
获取正确的IP。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.168.1.0",
"192.168.1.1"
]
}
}
}
]
}