AWS Elasticsearch service with open access
I have this template that worked until February.
https://datameetgeobk.s3.amazonaws.com/cftemplates/EyeOfCustomer_updated.yaml.txt
Something related to fine-grained access has changed, and I am getting the error...
Enable fine-grained access control or apply a restrictive access
policy to your domain (Service: AWSElasticsearch; Status Code: 400;
Error Code: ValidationException
This is just a test server and I do not want to protect it using advanced security options.
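The error you are receiving is because Amazon enabled fine-grained access control as part of its release in February 2020.
You can enable VPCOptions for the cluster, create a subnet and a security group, and allow access through that security group. Add the VPC ID as a parameter, for example pVpc (in this case the default VPC).
- Add the VPC parameter

    pVpc:
      Description: VPC ID
      Type: String
      Default: default-xxadssad  # your default vpc id

- Add a subnet and security group

    ESSubnetA:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: !Ref pVpc
        # CloudFormation form of "<region>a"; ${self:provider.region} is Serverless Framework syntax
        AvailabilityZone: !Sub '${AWS::Region}a'
        # pVpcCIDR must also be declared under Parameters
        CidrBlock: !Ref pVpcCIDR
        Tags:
          - Key: Name
            Value: es-subneta
    ESSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: SecurityGroup for Elasticsearch
        VpcId: !Ref pVpc
        SecurityGroupIngress:
          # HTTPS from any source address; narrow CidrIp to your client range where possible
          - FromPort: '443'
            IpProtocol: tcp
            ToPort: '443'
            CidrIp: 0.0.0.0/0
        Tags:
          - Key: Name
            Value: es-sg

- Enable VPCOptions

    # Goes under Properties of the AWS::Elasticsearch::Domain resource
    VPCOptions:
      SubnetIds:
        - !Ref ESSubnetA
      SecurityGroupIds:
        - !Ref ESSecurityGroup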
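As an added example (not part of the original question or answer), this Python check lints a domain access policy for the pattern the ValidationException points at: an Allow statement for any principal with no source-IP restriction. It is an approximation for reviewing templates, not the service's own validation logic, and it considers only `aws:SourceIp` conditions; the sample policies, account ID, domain name and CIDR are constructed.

```python
import json

# Constructed sample policies: account ID, domain name and CIDR are placeholders.
RESOURCE = "arn:aws:es:us-east-1:123456789012:domain/test-domain/*"
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "es:*", "Resource": RESOURCE}]})
IP_RESTRICTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "es:ESHttp*", "Resource": RESOURCE,
     "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}}]})


def is_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} or {"AWS": [..., "*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def source_ip_cidrs(statement):
    """CIDRs from an IpAddress condition on aws:SourceIp (key name is case-insensitive)."""
    cidrs = []
    for key, value in statement.get("Condition", {}).get("IpAddress", {}).items():
        if key.lower() == "aws:sourceip":
            cidrs += [value] if isinstance(value, str) else list(value)
    return cidrs


def open_statements(policy_json):
    """Indexes of Allow statements usable by any principal from any address."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    flagged = []
    for index, statement in enumerate(statements):
        allow = statement.get("Effect") == "Allow"
        if not allow or not is_wildcard_principal(statement.get("Principal")):
            continue
        cidrs = source_ip_cidrs(statement)
        if not cidrs or "0.0.0.0/0" in cidrs:  # no IP limit, or one that limits nothing
            flagged.append(index)
    return flagged
```

Run `open_statements()` on the `AccessPolicies` document of a template before deploying; an empty list means no statement matched the open-access pattern.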