I have created AWS elasticsearch domain
On click both elastic url and kibana below is the error i got
{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"}
Below is code which is working fine
import boto3 from requests_aws4auth import AWS4Auth from elasticsearch import Elasticsearch, RequestsHttpConnection session = boto3.session.Session() credentials = session.get_credentials() awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, session.region_name, 'es', session_token=credentials.token) es = Elasticsearch( [' http_auth=awsauth, use_ssl=True, verify_certs=True, connection_class=RequestsHttpConnection ) def lambda_handler(event, context): es.cluster.health() es.indices.create(index='my-index', ignore=400) r = [{'Name': 'Dr. Christopher DeSimone', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Tajwar Aamir (Aamir)', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Bernard M. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Eliana M. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Joseph J. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Michael R. Aaron', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Darryl H. Aarons', 'Specialised and Location': 'Health'}, {'Name': 'Dr. William B. Aarons', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Sirike T. Aasmaa', 'Specialised and Location': 'Health'}, {'Name': 'Dr. Jacobo A. Abadi', 'Specialised and Location': 'Health'}] for e in enumerate(r): es.index(index="my-index", body=e[1]) Below is the access policy
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*", "Condition": { "IpAddress": { "aws:SourceIp": "*" } } } ] } 02 Answers
This error would indicate your ElasticSearch service does not support anonymous requests (those not signed with valid IAM credentials).
Although your policy sees ok the official allow all policy looks like the below
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": "arn:aws:es:us-east-1:xxxxxx:domain/xxxxx/*" } ] } 14Try to use AWS Signature authentication method at the Postman, for tests
1
