错误的请求签名。 AWS 弹性搜索
Error the request signature. AWS ElasticSearch
当我想从索引中删除一个项目时,它失败了,并向我们显示了下一条 ERROR 痕迹:
org.springframework.data.elasticsearch.ElasticsearchException: Cannot execute jest action ,
response code : 403 , error : 403 Forbidden ,
message : The request signature we calculated does not match the signature you provided.
Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
我在 ElasticsearchRepository 存储库中创建了一个 "removeBy..." 方法来从我们的索引中删除项目:
public interface IndexSynonymRepository extends ElasticsearchRepository<IdxSynonym, Long> {
void removeByIdDashboardAndIdTable(Long idDashBoard, Long idTable);
}
纳入我的 JAVA 项目的版本如下:
POM 配置版本:
<!-- Spring Data Jest ElasticSearch AWS -->
<dependency>
<groupId>com.github.vanroy</groupId>
<artifactId>spring-boot-starter-data-jest</artifactId>
<version>2.3.1.RELEASE</version>
</dependency>
<!-- Spring Data ElasticSearch -->
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-elasticsearch</artifactId>
<version>2.1.1.RELEASE</version>
</dependency>
<!-- Jest -->
<dependency>
<groupId>io.searchbox</groupId>
<artifactId>jest</artifactId>
<version>2.0.4</version>
</dependency>
<!-- ElasticSearch -->
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.4.4</version>
</dependency>
<!-- Spring Boot -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath />
<!-- lookup parent from repository -->
</parent>
<!-- Aws Signing Request Interceptor -->
<dependency>
<groupId>vc.inreach.aws</groupId>
<artifactId>aws-signing-request-interceptor</artifactId>
<version>0.0.20</version>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
<groupId>com.amazonaws</groupId>
</exclusion>
</exclusions>
</dependency>
我们在 AWS 中配置的角色策略如下:
Access Policy ElasticSearch:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": [
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*",
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain"
]
}
]
}
EC2 Role Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"es:*"
],
"Resource": [
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain",
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*"
],
"Effect": "Allow"
}
]
}
不知道是许可证的问题,还是我签错了
我需要帮助来解决这个问题。非常感谢您。
配置 VPC 访问时,使用 ES 访问策略模板时不需要 aws-signing-request-interceptor:
您可以通过 ES 安全组配置访问权限。您应该添加这样的入站规则:
Type: HTTPS
Protocol: TCP
Port: 443
Source: sg-abcdefghijklmno (Your EC2 instance Security group)
希望对您有所帮助
当我想从索引中删除一个项目时,它失败了,并向我们显示了下一条 ERROR 痕迹:
org.springframework.data.elasticsearch.ElasticsearchException: Cannot execute jest action , response code : 403 , error : 403 Forbidden , message : The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
我在 ElasticsearchRepository 存储库中创建了一个 "removeBy..." 方法来从我们的索引中删除项目:
public interface IndexSynonymRepository extends ElasticsearchRepository<IdxSynonym, Long> {
void removeByIdDashboardAndIdTable(Long idDashBoard, Long idTable);
}
纳入我的 JAVA 项目的版本如下: POM 配置版本:
<!-- Spring Data Jest ElasticSearch AWS -->
<dependency>
<groupId>com.github.vanroy</groupId>
<artifactId>spring-boot-starter-data-jest</artifactId>
<version>2.3.1.RELEASE</version>
</dependency>
<!-- Spring Data ElasticSearch -->
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-elasticsearch</artifactId>
<version>2.1.1.RELEASE</version>
</dependency>
<!-- Jest -->
<dependency>
<groupId>io.searchbox</groupId>
<artifactId>jest</artifactId>
<version>2.0.4</version>
</dependency>
<!-- ElasticSearch -->
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.4.4</version>
</dependency>
<!-- Spring Boot -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath />
<!-- lookup parent from repository -->
</parent>
<!-- Aws Signing Request Interceptor -->
<dependency>
<groupId>vc.inreach.aws</groupId>
<artifactId>aws-signing-request-interceptor</artifactId>
<version>0.0.20</version>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
<groupId>com.amazonaws</groupId>
</exclusion>
</exclusions>
</dependency>
我们在 AWS 中配置的角色策略如下:
Access Policy ElasticSearch:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": [
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*",
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain"
]
}
]
}
EC2 Role Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"es:*"
],
"Resource": [
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain",
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*"
],
"Effect": "Allow"
}
]
}
不知道是许可证的问题,还是我签错了
我需要帮助来解决这个问题。非常感谢您。
配置 VPC 访问时,使用 ES 访问策略模板时不需要 aws-signing-request-interceptor:
您可以通过 ES 安全组配置访问权限。您应该添加这样的入站规则:
Type: HTTPS
Protocol: TCP
Port: 443
Source: sg-abcdefghijklmno (Your EC2 instance Security group)
希望对您有所帮助