如何从Amazon弹性搜索服务访问Kibana? [英] How to access Kibana from Amazon elasticsearch service?
问题描述
我使用已经安装在EC2实例上的logstash创建了Amazon弹性搜索服务和填充数据。在Amazon弹性服务控制台页面上,将有一个链接访问Kibana。
I created Amazon elasticsearch service and populated data into it using logstash, which has been installed on an EC2 instance. On the Amazon elasticservice console page, there will be a link to access Kibana.
search-cluster_name-XXXXXXXXXXXXXXXXXXX.region_name.es.amazonaws.com/_plugin/kibana/
当我点击链接,浏览器会抛出以下错误。
when I click the link, browser is throwing the following error.
{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet on resource: arn:aws:es:region_name:account_id:domain/cluster_name/_plugin/kibana/"}
我确信这个与ES域的访问策略有关。我应该如何修改访问策略,以便从指定的链接中点击获取Kibana?
I'm sure that this has something related with access policy of ES domain.How should I modify my access policy so that I can access Kibana from a click on the link specified ?
推荐答案
您可以使用基于IAM和IP地址的访问来设置访问策略。 请在这里查看我的答案。简而言之:
You can setup an Access Policy with both IAM and IP-address based access. See my answer here. In short:
- EC2实例需要具有
的配置文件arn:aws:iam :: aws:policy / AmazonESFullAccess
政策 - 策略应包含两个语句:首先列出IAM访问,第二个列表IP访问。
这是一个示例政策(声明顺序很重要!)
Here's an example policy (statement order is important!)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.168.1.0",
"192.168.1.1"
]
}
}
}
]
}
这篇关于如何从Amazon弹性搜索服务访问Kibana?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!