我正在尝试将AWS上的ElasticSearch集群备份到S3存储桶。
我遵循了以下“教程”:
Use Amazon S3 to Store a Single Amazon Elasticsearch Service Index
以下是我采取的步骤:
创建一个S3存储桶(称为cb search es backup)。
创建新策略(称为P_ES_SNAPSHOT_TO_S3):
{
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::cb-search-es-backup"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::cb-search-es-backup/*"
]
}
],
"Version": "2012-10-17"
}
创建服务角色,将先前创建的策略附加到该角色
角色的信任策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
在Kibana中,我尝试在开发工具中使用以下内容:
PUT /_snapshot/ES_BACKUP
{
"type": "s3",
"settings": {
"bucket": "cb-search-es-backup",
"region": "eu-west-1",
"role_arn": "arn:aws:iam::423628447134:role/Role_ES_TO_S3"
}
}
但我收到了kibana的以下回复:
{“消息”:“用户:匿名”无权执行:
iam:PassRole on resource:arn:aws:iam::12345678910:role/role\u ES\u TO\u S3“
