如何解决使用CloudFormation模板的可公开访问的Elasticsearch实例
我可以使用控制台使用下面提到的选项创建一个弹性实例:
Network configuration: Public access
Fine Grained access control - enabled
Create Master user: selected
Master Username: root
Master Password: PassWord152)
Domain access policy: Allow open access
这里是一个例子:
如何使用这些参数创建cloudformation模板?
更新:
DomainName: !Ref DomainName
Elasticsearch创建了一个与该行相矛盾的新随机名称...
“资源”: “ arn:aws:es:$ {AWS :: Region}:$ {AWS :: AccountId}:domain / $ {DomainName} / *”
然后出现AccessDenied错误。添加“ DomainName”参数后,它可以正常工作。
解决方法
您可以检查以下模板(可能需要根据需要进行调整):
---
Parameters:
InstanceType:
Type: String
Default: c4.large.elasticsearch
DomainName:
Type: String
Default: my-es-domain
MasterUserName:
Type: String
Default: root
MasterUserPassword:
Type: String
NoEcho: true
Default: PassWord152)
Resources:
MyESDomain:
Type: AWS::Elasticsearch::Domain
Properties:
DomainName: !Ref DomainName
AccessPolicies: !Sub |
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Principal": {
"AWS": "*"
},"Action": "es:*","Resource": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*"
}
]
}
AdvancedSecurityOptions:
Enabled: true
InternalUserDatabaseEnabled: true
MasterUserOptions:
MasterUserName: !Ref MasterUserName
MasterUserPassword: !Ref MasterUserPassword
EncryptionAtRestOptions:
Enabled: true
NodeToNodeEncryptionOptions:
Enabled: true
DomainEndpointOptions:
EnforceHTTPS: true
EBSOptions:
EBSEnabled: true
VolumeSize: 20
VolumeType: gp2
ElasticsearchClusterConfig:
DedicatedMasterEnabled: false
InstanceCount: 1
InstanceType: !Ref InstanceType
ZoneAwarenessEnabled: false
ElasticsearchVersion: 7.7
Outputs:
Id:
Value: !Ref MyESDomain
Arn:
Value: !GetAtt MyESDomain.Arn
DomainArn:
Value: !GetAtt MyESDomain.DomainArn
DomainEndpoint:
Value: !GetAtt MyESDomain.DomainEndpoint
KibanaEndpoint:
Value: !Sub "${MyESDomain.DomainEndpoint}/_plugin/kibana/"
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。