从node.js向AWS ES实例创建有效的签名请求 [英] Creating a valid signed request to an AWS ES instance from node.js
问题描述
我正在尝试找到一个如何连接到node.js中的AWS ES实例的示例,然后以简单的请求命中ES集群。
我试图使用弹性搜索节点包,以及一个名为< a href =https://github.com/TheDeveloper/http-aws-es =nofollow noreferrer> http-aws-es 来执行此操作。
我已经配置了我的aws ES访问策略,如下所示:
{
版本:2012-10-17,
声明:[
{
效果:允许,
Principal:{
AWS:arn:aws:iam ::< account-id>:root
},
Action:es:*,
Resource -domain.us-east-1.es.amazonaws.com:<account-id>:domain/*
},
{
Sid:,
效果:允许,
主体:{
AWS: *
},
Action:es:*,
资源:example-domain.us-east-1.es.amazonaws.com:<account -id>:domain / *,
条件:{
IpAddress:{
aws:SourceIp:< my-ip>
}
}
}
]
}
所以,我希望能够从一个ip地址或一个链接到我的aws帐户的IAM用户在es实例上发出put和get请求。
我在node.js中尝试以下代码:
var aws_access_key ='example';
var aws_secret_key ='key';
var es = require('elasticsearch')。Client({
hosts:'example-domain.us-east-1.es.amazonaws.com',
connectionClass :require('http-aws-es'),
amazonES:{
region:'us-east-1',
accessKey:aws_access_key,
secretKey:aws_secret_key
}
});
es.ping({
// ping通常有一个3000ms超时
requestTimeout:Infinity,
//未记录的参数附加到查询string
hello:elasticsearch!
},function(error){
if(error){
console.log(error);
console.trace '弹性搜索集群已经关闭了!');
} else {
console.log('All are well');
}
});
其中当前返回授权错误:
{[错误:授权异常]
状态:403,
displayName:'AuthorizationException',
message:'授权异常'}
我尚未看到在node.js中使用签名策略使用aws ES实例的工作示例。任何人都有洞察力?
事实证明,除了一步之外,我在我的问题上做了几乎一切正确的事情。 p>
与 aws_access_key
和 aws_secret_key
相关联的IAM用户以上代码必须具有与弹性搜索实例交互的特定权限。所以我登录到AWS控制台,并将以下政策添加到需要与弹性搜索实例进行交互的IAM用户。
{
版本:2012-10-17,
声明:[
{
Sid:Stmt1480915344000,
效果 :允许,
动作:[
es:*
],
资源:[
arn:aws:es:us -east-1:< account-id>:domain / *
]
}
]
}
I'm trying to find an example of how to connect to an AWS ES instance in node.js, and then hit the ES cluster with a simple request.
I'm attempting to use the elasticsearch node package, along with an open source addon called http-aws-es to do this.
I have configured my aws ES access policy to look like the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account-id>:root"
},
"Action": "es:*",
"Resource": "example-domain.us-east-1.es.amazonaws.com:<account-id>:domain/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "example-domain.us-east-1.es.amazonaws.com:<account-id>:domain/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "<my-ip>"
}
}
}
]
}
So, I would like to be able to issue put and get requests on the es instance from either an ip address or from an IAM user linked to my aws account.
I have the following code that attempts this in node.js:
var aws_access_key = 'example';
var aws_secret_key = 'key';
var es = require('elasticsearch').Client({
hosts: 'example-domain.us-east-1.es.amazonaws.com',
connectionClass: require('http-aws-es'),
amazonES: {
region: 'us-east-1',
accessKey: aws_access_key,
secretKey: aws_secret_key
}
});
es.ping({
// ping usually has a 3000ms timeout
requestTimeout: Infinity,
// undocumented params are appended to the query string
hello: "elasticsearch!"
}, function (error) {
if (error) {
console.log(error);
console.trace('elasticsearch cluster is down!');
} else {
console.log('All is well');
}
});
Which currently returns an authorization error:
{ [Error: Authorization Exception]
status: 403,
displayName: 'AuthorizationException',
message: 'Authorization Exception' }
I've yet to see a working example of using an aws ES instance by using a signed policy in node.js. Anyone have insights?
It turns out that I had done almost everything correctly in my question, except for one step.
The IAM user associated with the aws_access_key
and aws_secret_key
in the code above must have specific permissions to interact with the elastic search instances. So I logged in to the AWS console and added the following policy to the IAM users that would need to interact with the elasticsearch instance
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1480915344000",
"Effect": "Allow",
"Action": [
"es:*"
],
"Resource": [
"arn:aws:es:us-east-1:<account-id>:domain/*"
]
}
]
}
这篇关于从node.js向AWS ES实例创建有效的签名请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!