如何从Amazon弹性搜索服务访问Kibana？ [英] How to access Kibana from Amazon elasticsearch service?

问题描述

我使用已经安装在EC2实例上的logstash创建了Amazon弹性搜索服务和填充数据。在Amazon弹性服务控制台页面上，将有一个链接访问Kibana。

I created Amazon elasticsearch service and populated data into it using logstash, which has been installed on an EC2 instance. On the Amazon elasticservice console page, there will be a link to access Kibana.

search-cluster_name-XXXXXXXXXXXXXXXXXXX.region_name.es.amazonaws.com/_plugin/kibana/

当我点击链接，浏览器会抛出以下错误。

when I click the link, browser is throwing the following error.

{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet on resource: arn:aws:es:region_name:account_id:domain/cluster_name/_plugin/kibana/"}

我确信这个与ES域的访问策略有关。我应该如何修改访问策略，以便从指定的链接中点击获取Kibana？

I'm sure that this has something related with access policy of ES domain.How should I modify my access policy so that I can access Kibana from a click on the link specified ?

推荐答案

您可以使用基于IAM和IP地址的访问来设置访问策略。 请在这里查看我的答案。简而言之：

You can setup an Access Policy with both IAM and IP-address based access. See my answer here. In short:

• EC2实例需要具有的配置文件arn：aws：iam :: aws：policy / AmazonESFullAccess 政策


• 策略应包含两个语句：首先列出IAM访问，第二个列表IP访问。

这是一个示例政策（声明顺序很重要！）

Here's an example policy (statement order is important!)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "192.168.1.0",
            "192.168.1.1"
          ]
        }
      }
    }
  ]
}

这篇关于如何从Amazon弹性搜索服务访问Kibana？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！