ValidationException:在继续之前，您必须启用服务链接角色以授予Amazon ES权限以访问您的VPC [英] ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC

问题描述

我正在尝试在AWS上创建VPC控制的Elastic Search Service.问题是我在运行以下代码时始终收到错误消息:"ValidationException:必须先启用服务链接角色才能授予Amazon ES访问您的VPC的权限，然后才能继续操作.

I am trying to create a VPC controlled Elastic Search Service on AWS. The problem is I keep getting the error when I run the following code: 'ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC'.

const AWS = require('aws-sdk');
AWS.config.update({region:'<aws-datacenter>'});
const accessPolicies = {
  Statement: [{
    Effect: "Allow",
    Principal: {
      AWS: "*"
    },
    Action: "es:*",
    Resource: "arn:aws:es:<dc>:<accountid>:domain/<domain-name/*"
  }]
};
const params = {
  DomainName: '<domain>',
  /* required */
  AccessPolicies: JSON.stringify(accessPolicies),
  AdvancedOptions: {
    EBSEnabled: "true",
    VolumeType: "io1",
    VolumeSize: "100",
    Iops: "1000"
  },
  EBSOptions: {
    EBSEnabled: true,
    Iops: 1000,
    VolumeSize: 100,
    VolumeType: "io1"
  },
  ElasticsearchClusterConfig: {
    DedicatedMasterCount: 3,
    DedicatedMasterEnabled: true,
    DedicatedMasterType: "m4.large.elasticsearch",
    InstanceCount: 2,
    InstanceType: 'm4.xlarge.elasticsearch',
    ZoneAwarenessEnabled: true
  },
  ElasticsearchVersion: '5.5',
  SnapshotOptions: {
    AutomatedSnapshotStartHour: 3
  },
  VPCOptions: {
    SubnetIds: [
      '<redacted>',
      '<redacted>'
    ],
    SecurityGroupIds: [
      '<redacted>'
    ]
  }
};

const es = new AWS.ES();
es.createElasticsearchDomain(params, function (err, data) {
  if (err) {
    console.log(err, err.stack); // an error occurred
  } else {
    console.log(JSON.stringify(data, null, 4)); // successful response
  }
});

问题是我收到此错误:ValidationException:在继续之前，您必须启用服务链接角色以授予Amazon ES访问您的VPC的权限.我似乎无法弄清楚如何为弹性搜索服务创建此服务链接角色.在aws.amazon.com IAM控制台中，我无法为角色选择该服务.我相信它应该是自动创建的.

The problem is I get this error: ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC. I cannot seem to figure out how to create this service linked role for the elastic search service. In the aws.amazon.com IAM console I cannot select that service for a role. I believe it is supposed to be created automatically.

有人遇到这个问题或知道解决方法吗?

Has anybody ran into this or know the way to fix it?

推荐答案

可以使用AWS CLI创建与服务相关的角色.

The service-linked role can be created using the AWS CLI.

aws iam create-service-linked-role --aws-service-name es.amazonaws.com

这篇关于ValidationException:在继续之前，您必须启用服务链接角色以授予Amazon ES权限以访问您的VPC的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！