我正在尝试将所有AWS调用签名到ElasticSearch但是响应始终是;
User: anonymous is not authorized to perform: es:ESHttpGet on resource:
我尝试了多个密钥对和IAM用户.
我们PHP中的调用是使用官方的elasticsearch-php客户端进行的,所有请求都是使用此处的连接器进行签名的.
下面显示的是我们如何构建ElasticSearch客户端并应用签名中间件;
$credentials = new Credentials('<KEY>', '<SECRET>');
$signature = new SignatureV4('es', 'eu-central-1');
$middleware = new AwsSignatureMiddleware($credentials, $signature);
$defaultHandler = ESClientBuilder::defaultHandler();
$awsHandler = $middleware($defaultHandler);
$clientBuilder = ESClientBuilder::create();
$clientBuilder
->setHandler($awsHandler)
->setHosts(['<URL>']);
$this->_client = $clientBuilder->build();
作为参考,我们试图访问的弹性搜索实例附带的策略是;
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<IAM_USER>"
},
"Action": "es:*",
"Resource": "<RESOURCE>/*"
}
]
}
其他信息;