AWS Elasticsearch服务无权执行滚动

AWS Elasticsearch服务无权执行滚动,
Warning: implode(): Invalid arguments passed in /data/phpspider/zhask/webroot/tpl/detail.html on line 45
,,我正在尝试使用elasticdump从AWS Elasticsearch服务复制索引： elasticdump --input=https://xxx.xx-xxx-x.es.amazonaws.com/my_index --output=my_index.json 政策的相关部分： ... "Action": "es:*", "Resource": [ "arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster/*", "arn:aw

我正在尝试使用

elasticdump

从AWS Elasticsearch服务复制索引：

elasticdump --input=https://xxx.xx-xxx-x.es.amazonaws.com/my_index --output=my_index.json

政策的相关部分：

...
  "Action": "es:*",
  "Resource": [
    "arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster/*",
    "arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster",
    "arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster/_search/scroll"
  ]
...

在100个对象之后，我得到：

{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet on resource: arn:aws:es:xx-xxx-x:XXXXXXXX:domain/escluster/_search/scroll"}

为什么AWS阻止我滚动？

您可能需要为将访问ES以进行转储的计算机添加IP 我有类似的问题，添加IP解决了我的问题我的政策是这样的：

{
  "Version": "2012-10-17",
  "Statement": [
  {
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::<AWSACCOUNT>:root"
    },
    "Action": "es:*",
    "Resource": "arn:aws:es:us-west-1:<AWSACCOUNT>:domain/<domain>/*"
  },
  {
    "Effect": "Allow",
    "Principal": {
      "AWS": "*"
    },
    "Action": "*",
    "Resource": [
           "arn:aws:es:<AWSACCOUNT>:domain/<domain>/*",
           "arn:aws:es:<AWSACCOUNT>:domain/<domain>/_search/scroll"
           ],
    "Condition": {
      "IpAddress": {
        "aws:SourceIp": [
          <IP1>,
          <IP2>,
          <...>
        ]
      }
    }
  }
 ]
}

{
“版本”：“2012-10-17”，
“声明”：[
{
“效果”：“允许”，
“委托人”：{
“AWS”：“arn:AWS:iam:：：root”
},
“行动”：“es:*”，
“资源”：“arn:aws:es:us-west-1:：domain/*”
},
{
“效果”：“允许”，
“委托人”：{
“AWS”：“*”
},
“行动”：“*”，
“资源”：[
“arn:aws:es:：domain/*”，
“arn:aws:es:：domain/\u搜索/滚动”
],
“条件”：{
“IP地址”：{
“aws:SourceIp”：[
,
,
]
}
}
}
]
}

您可能需要在命令行中设置端口

您可能需要为将访问ES以进行转储的机器添加IP 我有类似的问题，添加IP解决了我的问题我的政策是这样的：

{
  "Version": "2012-10-17",
  "Statement": [
  {
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::<AWSACCOUNT>:root"
    },
    "Action": "es:*",
    "Resource": "arn:aws:es:us-west-1:<AWSACCOUNT>:domain/<domain>/*"
  },
  {
    "Effect": "Allow",
    "Principal": {
      "AWS": "*"
    },
    "Action": "*",
    "Resource": [
           "arn:aws:es:<AWSACCOUNT>:domain/<domain>/*",
           "arn:aws:es:<AWSACCOUNT>:domain/<domain>/_search/scroll"
           ],
    "Condition": {
      "IpAddress": {
        "aws:SourceIp": [
          <IP1>,
          <IP2>,
          <...>
        ]
      }
    }
  }
 ]
}

{
“版本”：“2012-10-17”，
“声明”：[
{
“效果”：“允许”，
“委托人”：{
“AWS”：“arn:AWS:iam:：：root”
},
“行动”：“es:*”，
“资源”：“arn:aws:es:us-west-1:：domain/*”
},
{
“效果”：“允许”，
“委托人”：{
“AWS”：“*”
},
“行动”：“*”，
“资源”：[
“arn:aws:es:：domain/*”，
“arn:aws:es:：domain/\u搜索/滚动”
],
“条件”：{
“IP地址”：{
“aws:SourceIp”：[
,
,
]
}
}
}
]
}

也许您需要在命令行中设置端口