Jar*_*red 3 amazon-web-services elasticsearch
我已经设置了我的AWS Elasticsearch实例,以便任何人都可以执行任何操作(创建,删除,搜索等).
这些是我的权限(用我的Elasticsearch ARN替换$ myARN):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "$myARN"
}
]
}
当我PUT一个新的索引:
PUT http://my-elasticsearch-domain.us-west-2.es.amazonaws.com/index-name
或者我DELETE是一个索引:
DELETE http://my-elasticsearch-domain.us-west-2.es.amazonaws.com/index-name
我明白了:
{
"acknowledged": true
}
这意味着我可以创建和删除索引但是当我尝试重新POST索引时,我得到:
{
"Message": "Your request: '/_reindex' is not allowed."
}
我是否必须签署此请求?为什么我必须签署此请求但不创建或删除索引?
原因很简单,因为Amazon Elasticsearch Service是一种受限制的环境,您无法访问由Elasticsearch的准系统安装提供的所有服务和端点.
您可以检查允许在Amazon Elasticsearch Service上使用的端点列表,但_reindex不属于该列表.
UPDATE
不过,还有另一种方法可以达到你想要的效果.通过利用Logstash,您可以从ES获取数据,应用您希望的任何转换并将其汇回ES.
input {
elasticsearch {
hosts => ["my-elasticsearch-domain.us-west-2.es.amazonaws.com:80"]
index => "index-name"
docinfo => true
}
}
filter {
mutate {
remove_field => [ "@version", "@timestamp" ]
}
# add other transformations here
}
output {
elasticsearch {
hosts => ["my-elasticsearch-domain.us-west-2.es.amazonaws.com:80"]
manage_template => false
index => "%{[@metadata][_index]}"
document_type => "%{[@metadata][_type]}"
document_id => "%{[@metadata][_id]}"
}
}