我将AWS ElasticSearch与Cognito结合使用,尝试登录时出现以下错误
Sorry!
Something went wrong during authentication between Kibana and Amazon Cognito.
What happened?
User: x:x:x::xx:x is not authorized to perform: es:ESHttpGet
我的AWS ES群集访问策略如下
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxx:role/service-role/CognitoAccessForAmazonES"
},
"Action": "es:ESHttp*",
"Resource": "arn:aws:es:xxxxxxx:xxxxxxx:domain/elastic-blah/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "xx.xx.xx.xx/32"
}
}
}
]
}
答案 0 :(得分:0)
this链接中所述的可能问题。确保经过身份验证的角色具有访问您的ES域的适当权限。
Amazon Cognito身份验证角色需要域(/ *)的es:ESHttp *权限才能访问和使用Kibana。检查是否已添加“允许身份验证的角色”中指定的访问策略。
答案 1 :(得分:0)
我遇到了同样的问题,从 Cognito 向 Auth 角色授予更多权限解决了这个问题。