elasticsearch 创建ElasticSearch域时出错：ValidationException:身份验证错误

我最近在使用Terraform创建ES域时遇到了这个错误。我定义ES域的方式没有任何改变。然而，我确实开始在ALB层上使用SSL（AWS ACM证书），但这不应该影响这一点。你知道它在抱怨什么吗

resource "aws_elasticsearch_domain" "es" {
  domain_name = "${var.es_domain}"
  elasticsearch_version = "6.3"

  cluster_config {
      instance_type = "r4.large.elasticsearch"
      instance_count = 2
      zone_awareness_enabled = true
  }

  vpc_options {
      subnet_ids = "${var.private_subnet_ids}"
      security_group_ids = [
          "${aws_security_group.es_sg.id}"
      ]
  }

  ebs_options {
      ebs_enabled = true
      volume_size = 10
  }

  access_policies = <<CONFIG
{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Action": "es:*",
          "Principal": "*",
          "Effect": "Allow",
          "Resource": "arn:aws:es:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:domain/${var.es_domain}/*"
      }
  ]
}
  CONFIG

  snapshot_options {
      automated_snapshot_start_hour = 23
  }

  tags = {
      Domain = "${var.es_domain}"
  }

  depends_on = [
    "aws_iam_service_linked_role.es",
  ]
}

resource "aws_iam_service_linked_role" "es" {
  aws_service_name = "es.amazonaws.com"
}

---

据我在控制台中看到的情况，AWS很快就验证并发布了证书。如图所示，它与ES域无关

有时在启用服务链接角色之前创建ES域时会出现这种情况，即使使用取决于

也许您可以尝试使用本地exec provisioner等待

resource "aws_iam_service_linked_role" "es" {
  aws_service_name = "es.amazonaws.com"
  provisioner "local-exec" {
    command = "sleep 10"
  }
}

---

您得到的完整错误是什么？您是否同时创建了这两个文件（例如相同的目录和状态文件）？@ydaetskcoR-这确实是完全的错误。是的，我正在同一目录和状态文件中创建ALB+ACM证书和ES。

resource "aws_iam_service_linked_role" "es" {
  aws_service_name = "es.amazonaws.com"
  provisioner "local-exec" {
    command = "sleep 10"
  }
}