ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC
Problem description
I am trying to create a VPC controlled Elastic Search Service on AWS. The problem is I keep getting the error when I run the following code: 'ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC'.
const AWS = require('aws-sdk');
AWS.config.update({region: '<aws-datacenter>'});

// Resource-based access policy attached to the domain.
const accessPolicies = {
    Statement: [{
        Effect: "Allow",
        // Any principal: with a VPC domain, network reachability (the subnets
        // and security groups below) is then the only access control.
        Principal: {
            AWS: "*"
        },
        Action: "es:*",
        Resource: "arn:aws:es:<dc>:<accountid>:domain/<domain-name>/*"
    }]
};

const params = {
    DomainName: '<domain>',
    /* required */
    AccessPolicies: JSON.stringify(accessPolicies),
    AdvancedOptions: {
        EBSEnabled: "true",
        VolumeType: "io1",
        VolumeSize: "100",
        Iops: "1000"
    },
    EBSOptions: {
        EBSEnabled: true,
        Iops: 1000,
        VolumeSize: 100,
        VolumeType: "io1"
    },
    ElasticsearchClusterConfig: {
        DedicatedMasterCount: 3,
        DedicatedMasterEnabled: true,
        DedicatedMasterType: "m4.large.elasticsearch",
        InstanceCount: 2,
        InstanceType: 'm4.xlarge.elasticsearch',
        ZoneAwarenessEnabled: true
    },
    ElasticsearchVersion: '5.5',
    SnapshotOptions: {
        AutomatedSnapshotStartHour: 3
    },
    // Placing the domain in a VPC is what requires the service-linked role.
    VPCOptions: {
        SubnetIds: [
            '<redacted>',
            '<redacted>'
        ],
        SecurityGroupIds: [
            '<redacted>'
        ]
    }
};

const es = new AWS.ES();
es.createElasticsearchDomain(params, function (err, data) {
    if (err) {
        console.log(err, err.stack); // an error occurred
    } else {
        console.log(JSON.stringify(data, null, 4)); // successful response
    }
});
The problem is I get this error: ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC. I cannot seem to figure out how to create this service linked role for the elastic search service. In the aws.amazon.com IAM console I cannot select that service for a role. I believe it is supposed to be created automatically.
Has anybody run into this or know the way to fix it?
Recommended answer
The service-linked role can be created using the AWS CLI.
aws iam create-service-linked-role --aws-service-name es.amazonaws.com
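Added example, not part of the original question or answer: the same fix done from the Node.js SDK (aws-sdk v2) that the question uses, checking for the role before creating it and only then creating the domain. The function names, the injected iam/es client arguments and the retry values are assumptions for illustration; AWSServiceRoleForAmazonElasticsearchService is the name IAM gives the service-linked role for es.amazonaws.com.

```javascript
// Added example. Pass real clients, e.g. new AWS.IAM() and new AWS.ES(),
// or any objects exposing the same aws-sdk v2 methods.
const SLR_NAME = 'AWSServiceRoleForAmazonElasticsearchService';
const SLR_SERVICE = 'es.amazonaws.com';

// Returns 'exists' or 'created'. Any error other than NoSuchEntity is
// rethrown, e.g. AccessDenied when the caller lacks iam:GetRole.
async function ensureEsServiceLinkedRole(iam) {
  try {
    await iam.getRole({ RoleName: SLR_NAME }).promise();
    return 'exists';
  } catch (err) {
    if (err.code !== 'NoSuchEntity') throw err;
  }
  // SDK equivalent of: aws iam create-service-linked-role --aws-service-name es.amazonaws.com
  await iam.createServiceLinkedRole({ AWSServiceName: SLR_SERVICE }).promise();
  return 'created';
}

// Creates the domain once the role is present. IAM changes are eventually
// consistent, so when the role was just created a ValidationException is
// retried a few times (retry count and delay are assumed values).
async function createVpcDomain(iam, es, params, { retries = 5, delayMs = 3000 } = {}) {
  const role = await ensureEsServiceLinkedRole(iam);
  for (let attempt = 1; ; attempt++) {
    try {
      const data = await es.createElasticsearchDomain(params).promise();
      return { role, attempt, data };
    } catch (err) {
      const retryable = role === 'created' && err.code === 'ValidationException';
      if (!retryable || attempt >= retries) throw err;
      await new Promise((resolve) => setTimeout(resolve, delayMs));
    }
  }
}
```

The caller needs iam:GetRole and iam:CreateServiceLinkedRole in addition to es:CreateElasticsearchDomain for this to succeed.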