我正在尝试通过部署在 EC2 实例上的 Java SDK 连接到 OpenSearchService。我尝试通过 aws configure 设置凭证,但收到以下错误消息:
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed: org.opensearch.client.opensearch._types.OpenSearchException: Request failed: [security_exception] authentication/authorization failure] with root cause
org.opensearch.client.opensearch._types.OpenSearchException: Request failed: [security_exception] authentication/authorization failure
这是我的 aws 配置列表的输出:
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************2Y4Y shared-credentials-file
secret_key ****************NjjN shared-credentials-file
region ap-south-1 config-file ~/.aws/config
我的客户端设置如下:
@Bean
public OpenSearchClient getClient() {
SdkHttpClient httpClient = ApacheHttpClient.builder().build();
return new OpenSearchClient(
new AwsSdk2Transport(
httpClient,
host,
region,
AwsSdk2TransportOptions.builder().build()));
}
我能够从本地计算机连接到 opensearch 服务,但由于某种原因我无法通过 EC2 实例连接到它。
我的域上还启用了细粒度访问控制,并且我正在使用域级别访问策略,如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:ap-south-1:************:domain/opensearch-domain/*"
}
]
}
我为此使用的临时解决方案是不让从 aws 配置中获取凭证,而是仅将其分配在配置类中:
@Bean
public OpenSearchClient getClient() {
AwsCredentialsProvider credentialsProvider =
StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey));
SdkHttpClient httpClient = ApacheHttpClient.builder().build();
return new OpenSearchClient(
new AwsSdk2Transport(
httpClient,
host,
region,
AwsSdk2TransportOptions.builder().setCredentials(credentialsProvider).build()));
}