当我想从索引中删除一个项目时,它失败并向我们显示错误的下一个轨迹:
org.springframework.data.elasticsearch.ElasticsearchException: Cannot execute jest action , response code : 403 , error : 403 Forbidden , message : The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
我已经在ElasticsearchRepository存储库中创建了一个“removeBy ...”方法来从索引中删除项目:
public interface IndexSynonymRepository extends ElasticsearchRepository<IdxSynonym, Long> {
void removeByIdDashboardAndIdTable(Long idDashBoard, Long idTable);
}
合并到我的JAVA项目中的版本如下:
POM配置版本:
<!-- Spring Data Jest ElasticSearch AWS -->
<dependency>
<groupId>com.github.vanroy</groupId>
<artifactId>spring-boot-starter-data-jest</artifactId>
<version>2.3.1.RELEASE</version>
</dependency>
<!-- Spring Data ElasticSearch -->
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-elasticsearch</artifactId>
<version>2.1.1.RELEASE</version>
</dependency>
<!-- Jest -->
<dependency>
<groupId>io.searchbox</groupId>
<artifactId>jest</artifactId>
<version>2.0.4</version>
</dependency>
<!-- ElasticSearch -->
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
<version>2.4.4</version>
</dependency>
<!-- Spring Boot -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath />
<!-- lookup parent from repository -->
</parent>
<!-- Aws Signing Request Interceptor -->
<dependency>
<groupId>vc.inreach.aws</groupId>
<artifactId>aws-signing-request-interceptor</artifactId>
<version>0.0.20</version>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>*</artifactId>
<groupId>com.amazonaws</groupId>
</exclusion>
</exclusions>
</dependency>
我们在AWS中配置的角色策略如下:
Access Policy ElasticSearch:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": [
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*",
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain"
]
}
]
}
EC2 Role Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"es:*"
],
"Resource": [
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain",
"arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/my-domain/*"
],
"Effect": "Allow"
}
]
}
我不知道这是许可证问题还是在签署申请时出错。
我需要帮助来解决这个问题。提前非常感谢您。
最佳答案
配置VPC访问后,使用ES访问策略模板时,不需要aws-signing-request-interceptor:
您可以通过ES安全组配置访问。您应该添加一个入站规则,如下所示:
Type: HTTPS
Protocol: TCP
Port: 443
Source: sg-abcdefghijklmno (Your EC2 instance Security group)
希望这可以帮助
关于spring - 错误的请求签名。 AWS ElasticSearch,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52607752/