Я могу зарегистрировать корзину S3 в AWS Elasticsearch с экземпляра EC2 с помощью скрипта Python, но когда я запускаю тот же скрипт через функцию AWS Lambda, он выдаёт следующую ошибку:
{"error":{"root_cause":[{"type":"a_w_s_security_token_service_exception","reason":"a_w_s_security_token_service_exception: Access denied (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: 24c17065-f7ad-11e8-a7da-8b9451ed722c)"}],"type":"blob_store_exception","reason":"Failed to check if blob [master.dat] exists","caused_by":{"type":"a_w_s_security_token_service_exception","reason":"a_w_s_security_token_service_exception: Access denied (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: 24c17065-f7ad-11e8-a7da-8b9451ed722c)"}},"status":500}
Ниже приведен скрипт Python, который я использую для регистрации корзины S3 в AWS Elasticsearch:
import json, boto3, requests
from requests_aws4auth import AWS4Auth
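def lambda_handler(event, context):
    """Register an S3 bucket as a snapshot repository on the Elasticsearch domain.

    Sends a SigV4-signed PUT to the domain's ``_snapshot/<repo>`` endpoint,
    using the credentials of the current boto3 session, then prints the HTTP
    status code and response body.

    Args:
        event: Lambda invocation event (not used).
        context: Lambda runtime context (not used).

    Returns:
        None. The outcome is only visible in the printed status and body.

    Raises:
        RuntimeError: If boto3 cannot resolve any credentials to sign with.
    """
    host = 'https://ELASTICSEARCH.DOMAIN.es.amazonaws.com/'
    region = 'us-east-1'
    service = 'es'

    # The request is signed as whatever identity the session resolves to.
    # NOTE(review): under Lambda that is presumably the function's execution
    # role, not the EC2 instance role the script worked with - confirm.
    credentials = boto3.Session().get_credentials()
    if credentials is None:
        # get_credentials() returns None when no provider yields credentials;
        # fail with a clear message instead of an AttributeError below.
        raise RuntimeError('No AWS credentials available to sign the request')
    awsauth = AWS4Auth(
        credentials.access_key,
        credentials.secret_key,
        region,
        service,
        session_token=credentials.token,
    )

    # Register repository
    path = '_snapshot/SNAPSHOT_REPO'  # the Elasticsearch API endpoint
    url = host + path

    # role_arn is the role the domain itself assumes (via STS) to reach the
    # bucket. An STS "AccessDenied" in the response means that assume-role
    # step was refused. Per the AWS snapshot-repository documentation, the
    # identity signing this request needs iam:PassRole on role_arn, and the
    # role's trust policy must allow es.amazonaws.com to assume it.
    # NOTE(review): check both for the Lambda execution role. Scope the
    # PassRole grant to this one role ARN rather than a wildcard.
    payload = {
        "type": "s3",
        "settings": {
            "bucket": "fi3tst",
            "region": "us-east-1",
            "role_arn": "arn:aws:iam::ACCOUNT_NUMBER:role/ROLE_NAME"
        }
    }
    headers = {"Content-Type": "application/json"}

    # Bound the call so a stalled connection fails with a clear exception
    # rather than running until the Lambda timeout. The value is an example;
    # keep it below the function's configured timeout.
    r = requests.put(url, auth=awsauth, json=payload, headers=headers, timeout=10)

    print(r.status_code)
    print(r.text)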