I have created AWS elasticsearch domain

On click both elastic url and kibana below is the error i got

{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"}

enter image description here

Below is code which is working fine

import boto3 from requests_aws4auth import AWS4Auth from elasticsearch import Elasticsearch, RequestsHttpConnection session = boto3.session.Session() credentials = session.get_credentials() awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, session.region_name, 'es', session_token=credentials.token) es = Elasticsearch( [' http_auth=awsauth, use_ssl=True, verify_certs=True, connection_class=RequestsHttpConnection ) def lambda_handler(event, context): es.cluster.health() es.indices.create(index='my-index', ignore=400) r = [{'Name': 'Dr. Christopher DeSimone', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Tajwar Aamir (Aamir)', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Bernard M. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Eliana M. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Joseph J. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Michael R. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Darryl H. Aarons', 'Specialised and Location': 'Health'}, {'Name': 'Dr. William B. Aarons', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Sirike T. Aasmaa', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Jacobo A. Abadi', 'Specialised and Location': 'Health'}] for e in enumerate(r): es.index(index="my-index", body=e[1]) 

Below is the access policy

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*", "Condition": { "IpAddress": { "aws:SourceIp": "*" } } } ] } 
0

2 Answers

This error would indicate your ElasticSearch service does not support anonymous requests (those not signed with valid IAM credentials).

Although your policy sees ok the official allow all policy looks like the below

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*" } ] } 
14

Try to use AWS Signature authentication method at the Postman, for tests

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy