AWS Elasticsearch 사용시 Not able to access cluster health and indices 이슈 해결방안
.
Data_Engineering_TIL(20200729)
이슈 요약
AWS elasticsearch 도메인을 생성하고, 콘솔에 접근 시 아래 그림과 같이 클러스터 헬스나 indices 등 일부 접근권한 문제 확인
증상
Elasticsearch 콘솔에서 cluster heath 메뉴 접근 시 아래와 같은 애러 메세지 확인
/_cluster/health: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/health] and User [name=arn:aws:iam::0000000000:user/000000, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/health] and User [name=arn:aws:iam::0000000000:user/00000, backend_roles=[], requestedTenant=null]"},"status":403}
Elasticsearch 콘솔에서 indices 메뉴 접근 시 아래와 같은 애러 메세지 확인
/_mapping: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [indices:admin/mappings/get] and User [name=arn:aws:iam::0000000000:user/000000, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [indices:admin/mappings/get] and User [name=arn:aws:iam::0000000000:user/000000, backend_roles=[], requestedTenant=null]"},"status":403}
해결방안
AWS Developer Forums “Not able to access cluster health and indices” 글 참고
URL : https://forums.aws.amazon.com/thread.jspa?messageID=939690&tstart=0
이슈내용
I have created a ES domain and it is in active state now . I am able to access Kibana and also manually push data into ES.
But I am unable to access the cluster health and Indices tabs in console.. It throws below error , when I open it.
For cluster health:
/_cluster/health: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for cluster:monitor/health and User https://forums.aws.amazon.com/, requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for cluster:monitor/health and User https://forums.aws.amazon.com/, requestedTenant=null]"},"status":403}
For indices:
/_mapping: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for indices:admin/mappings/get and User https://forums.aws.amazon.com/, requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for indices:admin/mappings/get and User https://forums.aws.amazon.com/, requestedTenant=null]"},"status":403}
해결방안
I was getting the same error and I solved giving my IAM user permission inside kibana:
1- in you elastic search console, tab overview, click in the Kibana link
2-Once logged in Kibana click in the security menu option
3- Go to Role Mapping option
4- choose the role all_access and click in EDIT
5- add you IAM ARN (you can get in the AWS IAM summary for your user) arn:aws:iam::********:user/USER_NAME
아래 그림과 같이 키바나에서 특정계정에 대한 권한을 부여하면 elasticsearch 콘솔의 문제가 되었던 정보를 조회할 수 있다.
