
Aws lambda 为什么在AWS上向elasticsearch端点发布json时会出现403禁止错误?


我正在使用java lambda函数将json发布到AWS elasticsearch

/**
 * Lambda handler for a DynamoDB stream event (first attempt from the question).
 *
 * Takes the table name from the first stream record's ARN, scans that table, builds a JSON
 * document (elided in the snippet) and POSTs it to {@code endpoint} with a Spring RestTemplate.
 *
 * NOTE(review): no request-signing step is visible here. {@code headers} is built outside the
 * snippet; unless it carries a SigV4 Authorization header the POST is anonymous, and a domain
 * access policy that expects an IAM principal answers anonymous requests with 403 Forbidden.
 * NOTE(review): allow-listing a workstation IP in the access policy is unlikely to match, because
 * the request leaves from the Lambda environment rather than from that workstation; confirm
 * which source IP the domain actually sees.
 *
 * {@code tableName}, {@code endpoint}, {@code headers} and {@code getTableNameFromARN} are
 * defined outside the snippet.
 */
public Object handleRequest(DynamodbEvent dynamodbEvent, Context context) {

            //code to generate the json document
            AmazonDynamoDBClient amazonDynamoDBClient = new AmazonDynamoDBClient();

    List<DynamodbEvent.DynamodbStreamRecord> dynamodbStreamRecordlist = dynamodbEvent.getRecords();

    // Only the first record of the batch is inspected; its ARN decides which table is scanned.
    if (!dynamodbStreamRecordlist.isEmpty()) {
        DynamodbEvent.DynamodbStreamRecord record = dynamodbStreamRecordlist.get(0);
        if(record.getEventSource().equalsIgnoreCase("aws:dynamodb"))
            tableName = getTableNameFromARN(record.getEventSourceARN());
    }
    LaneAnnotation laneAnnotation = new LaneAnnotation();

    // A single Scan call; LastEvaluatedKey is not checked here, so only one page of items is read.
    ScanRequest scanRequest = new ScanRequest().withTableName(tableName);
    ScanResult result = amazonDynamoDBClient.scan(scanRequest);

    List<Lines> linesFinalList = new ArrayList<Lines>();

    if(result != null) {
        for (Map<String, AttributeValue> item : result.getItems()) {      

         //code for looping through the table items and generating a json object for the elastic search model
        }    

            //Code to post the json below - 
            RestTemplate restTemplate = new RestTemplate();
            // The cast relies on RestTemplate's default request factory being SimpleClientHttpRequestFactory.
            SimpleClientHttpRequestFactory clientHttpRequestFactory = (SimpleClientHttpRequestFactory)restTemplate.getRequestFactory();
            // Both timeouts are given in milliseconds (10 s each).
            clientHttpRequestFactory.setConnectTimeout(10000);
            clientHttpRequestFactory.setReadTimeout(10000);

            HttpEntity<String> entity = new HttpEntity<String>(<json goes here>, headers);

            try{
                // Plain HTTP POST: nothing on this path adds AWS request signing.
                restTemplate.exchange(endpoint, HttpMethod.POST, entity, String.class);
            }catch(Exception e){
                // NOTE(review): the failure is only printed and execution continues past the catch,
                // so a rejected (403) POST does not fail the handler at this point. Logging and
                // rethrowing would make the failed invocation visible to monitoring and retries.
                e.printStackTrace();
            }
}
但是,在测试AWS lambda函数时,我看到以下错误-

org.springframework.web.client.HttpClientErrorException: 403 Forbidden
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
    at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531)
    at com.here.aws.LambdaApplication.handleRequest(LambdaApplication.java:166)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at lambdainternal.EventHandlerLoader$PojoMethodRequestHandler.handleRequest(EventHandlerLoader.java:456)
    at lambdainternal.EventHandlerLoader$PojoHandlerAsStreamHandler.handleRequest(EventHandlerLoader.java:375)
    at lambdainternal.EventHandlerLoader$2.call(EventHandlerLoader.java:1139)
    at lambdainternal.AWSLambda.startRuntime(AWSLambda.java:285)
    at lambdainternal.AWSLambda.<clinit>(AWSLambda.java:57)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:348)
    at lambdainternal.LambdaRTEntry.main(LambdaRTEntry.java:94)
我甚至修改了访问策略并添加了我的IP地址。其他人也遇到过这个问题吗?你是如何解决的?任何帮助都将不胜感激。

EDIT1:我现在正尝试合并此处提到的请求签名-
如果进展顺利,我会向你汇报

EDIT2:

这是第二种发送请求的方式,我试着参考上面的链接-

/**
 * Lambda handler for a DynamoDB stream event (second attempt: SigV4-signed request).
 *
 * Scans the table named by the first stream record, builds the JSON document (elided), wraps it
 * in an AWS SDK {@code Request}, signs it with {@code AWS4Signer} using credentials from the
 * default provider chain, and sends it with {@code AmazonHttpClient}. Returns the incoming event.
 *
 * {@code tableName}, {@code endpoint}, {@code SERVICE_NAME}, {@code elasticSearchModel},
 * {@code log}, {@code MyHttpResponseHandler} and {@code MyErrorHandler} are defined outside the
 * snippet.
 *
 * NOTE(review): when the service rejects a signature, its 403 body lists the canonical request
 * and string-to-sign it computed (method, path, signed headers, payload hash). Comparing those
 * with what is signed below (a POST with a JSON body) is the quickest way to locate a mismatch.
 */
@Override
    public Object handleRequest(DynamodbEvent dynamodbEvent, Context context) {

        AmazonDynamoDBClient amazonDynamoDBClient = new AmazonDynamoDBClient();

        List<DynamodbEvent.DynamodbStreamRecord> dynamodbStreamRecordlist = dynamodbEvent.getRecords();

        // Only the first record of the batch is inspected; its ARN decides which table is scanned.
        if (!dynamodbStreamRecordlist.isEmpty()) {
            DynamodbEvent.DynamodbStreamRecord record = dynamodbStreamRecordlist.get(0);
            if(record.getEventSource().equalsIgnoreCase("aws:dynamodb"))
                tableName = getTableNameFromARN(record.getEventSourceARN());
        }
        LaneAnnotation laneAnnotation = new LaneAnnotation();

        // A single Scan call; LastEvaluatedKey is not checked here, so only one page of items is read.
        ScanRequest scanRequest = new ScanRequest().withTableName(tableName);
        ScanResult result = amazonDynamoDBClient.scan(scanRequest);

        List<Lines> linesFinalList = new ArrayList<Lines>();

        // NOTE(review): this `if` is never closed before the request code below; the snippet as
        // posted is one closing brace short.
        if(result != null) {
            for (Map<String, AttributeValue> item : result.getItems()) {
           //Generate the json object that needs to be sent in the request

        }

        // NOTE(review): these Spring HttpHeaders are never attached to `request` in the lines
        // shown, so the Content-Type set here is neither sent nor covered by the signature.
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON_UTF8);

        Request<?> request = new DefaultRequest<Void>(SERVICE_NAME);
        // NOTE(review): getBytes() without a charset uses the platform default; the payload hash in
        // the signature is computed over these bytes, so pass an explicit UTF-8 charset.
        request.setContent(new ByteArrayInputStream(elasticSearchModel.toString().getBytes()));
        request.setEndpoint(URI.create(endpoint));
        request.setHttpMethod(HttpMethodName.POST);

        // The service name and region become part of the SigV4 credential scope; both must match
        // the target domain. The region is hard-coded to us-east-1 here.
        AWS4Signer signer = new AWS4Signer();
        signer.setServiceName(SERVICE_NAME);
        signer.setRegionName(Regions.US_EAST_1.getName());

        // NOTE(review): inside Lambda the default chain presumably resolves to the execution role's
        // temporary credentials; the domain access policy (or an IAM policy on that role) must then
        // allow that role, e.g. es:ESHttpPost on the domain ARN. Never log the credential values.
        AWSCredentialsProvider credsProvider =
                new DefaultAWSCredentialsProviderChain();

        AWSCredentials creds = credsProvider.getCredentials();

        // Sign request with supplied creds
        signer.sign(request, creds);
        log.info("Request signed");

        ExecutionContext executionContext = new ExecutionContext(true);

        ClientConfiguration clientConfiguration = new ClientConfiguration();
        AmazonHttpClient client = new AmazonHttpClient(clientConfiguration);

        MyHttpResponseHandler<Void> responseHandler = new MyHttpResponseHandler<Void>();
        MyErrorHandler errorHandler = new MyErrorHandler();

        // The response is assigned but not inspected; error handling is left to errorHandler.
        Response<Void> response =
                client.execute(request, responseHandler, errorHandler, executionContext);

        return dynamodbEvent;
    }
    Check the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

    The Canonical String for this request should have been
    'GET
    /

    host:somehostname-XXXXXXXXXXXXXXXX.us-east-1.es.amazonaws.com
    x-amz-date:20170130T105736Z
    x-amz-security-token:FQoDYXdzEG4aDJJ4ryjXXXXXXXXXXXXXXXX/auMHooYENY6YXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    host;x-amz-date;x-amz-security-token
    e3b0c4429XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

    The String-to-Sign should have been
    'AWS4-HMAC-SHA256
    20170130T105736Z
    20170130/us-east-1/es/aws4_request
    9a5b4c92ec121c333f8cdXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
    "}"

10:57:36.818 [main] DEBUG org.apache.http.headers - http-outgoing-1 << HTTP/1.1 403 Forbidden
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "es:*",
            "Resource": "arn:aws:es:us-east-1:YOUR-AWS-ACCOUNT-ID:domain/YOUR-ELASTICSEARCH-DOMAIN-NAME/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "YOUR-NAT-GATEWAY-PUBLIC-IP/32"
                    ]
                }
            }
        }
    ]
}