我正在尝试将我在AWS上的ElasticSearch集群备份到S3存储桶。
我遵循了以下“教程”:Use Amazon S3 to Store a Single Amazon Elasticsearch Service Index
这些是我采取的步骤:
创建一个S3存储桶(称为cb-search-es-backup)。
创建新政策(名为P_ES_SNAPSHOT_TO_S3):
{
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::cb-search-es-backup"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::cb-search-es-backup/*"
]
}
],
"Version": "2012-10-17"
}
创建服务角色,将之前创建的策略附加到其中 ARN:AWS:IAM :: 12345678910:角色/ Role_ES_TO_S3
角色的信任政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
在Kibana中,我尝试在开发工具中使用以下内容:
PUT /_snapshot/ES_BACKUP
{
"type": "s3",
"settings": {
"bucket": "cb-search-es-backup",
"region": "eu-west-1",
"role_arn": "arn:aws:iam::423628447134:role/Role_ES_TO_S3"
}
}
但我从kibana收到以下回复:
{“消息”:“用户:匿名无权执行: iam:资源上的PassRole:arn:aws:iam :: 12345678910:role / Role_ES_TO_S3“ }
答案 0 :(得分:0)
kibana出现了相同的错误。尝试使用aws-es-proxy进行备份。
如果您要使用docker映像,请通过如下所示的AWS访问凭证:
docker run --rm -it -p 9200:9200 -e "AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXX" -e "AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYYYYY" abutaha/aws-es-proxy ./aws-es-proxy -verbose -listen 0.0.0.0:9200 -endpoint https://enpoint-url