spring - 错误的请求签名。 AWS ElasticSearch

Question

当我想从索引中删除一个项目时，它失败并向我们显示错误的下一个轨迹:

org.springframework.data.elasticsearch.ElasticsearchException: Cannot execute jest action , response code : 403 , error : 403 Forbidden , message : The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

我已经在ElasticsearchRepository存储库中创建了一个“removeBy ...”方法来从索引中删除项目:

public interface IndexSynonymRepository extends ElasticsearchRepository<IdxSynonym, Long> {
    void removeByIdDashboardAndIdTable(Long idDashBoard, Long idTable);
}

合并到我的JAVA项目中的版本如下:
POM配置版本:

<!-- Spring Data Jest ElasticSearch AWS -->
<dependency>
    <groupId>com.github.vanroy</groupId>
    <artifactId>spring-boot-starter-data-jest</artifactId>
    <version>2.3.1.RELEASE</version>
</dependency>

<!-- Spring Data ElasticSearch -->
<dependency>
    <groupId>org.springframework.data</groupId>
    <artifactId>spring-data-elasticsearch</artifactId>
    <version>2.1.1.RELEASE</version>
</dependency>

<!-- Jest -->
<dependency>
    <groupId>io.searchbox</groupId>
    <artifactId>jest</artifactId>
    <version>2.0.4</version>
</dependency>

<!-- ElasticSearch -->
<dependency>
    <groupId>org.elasticsearch</groupId>
    <artifactId>elasticsearch</artifactId>
    <version>2.4.4</version>
</dependency>

<!-- Spring Boot -->
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.2.RELEASE</version>
    <relativePath />
    <!-- lookup parent from repository -->
</parent>

<!-- Aws Signing Request Interceptor -->
<dependency>
    <groupId>vc.inreach.aws</groupId>
    <artifactId>aws-signing-request-interceptor</artifactId>
    <version>0.0.20</version>
    <scope>compile</scope>
    <exclusions>
      <exclusion>
          <artifactId>*</artifactId>
          <groupId>com.amazonaws</groupId>
      </exclusion>
    </exclusions>
</dependency>

我们在AWS中配置的角色策略如下:

Access Policy ElasticSearch:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "es:*", "Resource": [ "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*", "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain" ] } ] }

EC2 Role Policy:

{ "Version": "2012-10-17", "Statement": [ { "Action": [ "es:*" ], "Resource": [ "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain", "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*" ], "Effect": "Allow" } ] }
我不知道这是许可证问题还是在签署申请时出错。

我需要帮助来解决这个问题。提前非常感谢您。

Answer 1

配置VPC访问后，使用ES访问策略模板时，不需要aws-signing-request-interceptor:



您可以通过ES安全组配置访问。您应该添加一个入站规则，如下所示:

Type: HTTPS
Protocol: TCP
Port: 443
Source: sg-abcdefghijklmno (Your EC2 instance Security group)

希望这可以帮助