问题描述
https://datameetgeobk.s3.amazonaws.com/cftemplates/EyeOfCustomer_updated.yaml.txt
启用细粒度访问控制或应用限制性访问 您的域的策略(服务:AWSElasticsearch;状态代码:400; 错误代码:ValidationException
这只是一个测试服务器,我不想使用“高级”安全选项来保护它。
解决方法
您收到的错误是因为Amazon在其release in February 2020中启用了细粒度的访问控制。
您可以为群集启用VPCOptions并创建一个子网+安全组,并允许通过该安全组进行访问。添加VPC ID作为参数,例如pVpc(在这种情况下为默认VPC)
- 添加vpc参数
pVpc:
Description: VPC ID
Type: String
Default: default-xxadssad - your default vpc id
- 添加子网和安全组
ESSubnetA:
Type: AWS::EC2::Subnet
Properties:
VpcId:
Ref: !Ref pVpc
AvailabilityZone: ${self:provider.region}a
CidrBlock: !Ref pVpcCIDR
Tags:
- Key: Name
Value: es-subneta
ESSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: SecurityGroup for Elasticsearch
VpcId:
Ref: !Ref pVpc
SecurityGroupIngress:
- FromPort: '443'
IpProtocol: tcp
ToPort: '443'
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: es-sg
- 启用VPCOptions
VPCOptions:
SubnetIds:
- !Ref ESSubnetA
SecurityGroupIds:
- !Ref ESSecurityGroup