我有一个使用AWS Fargate部署的Spring Boot映像和使用AWS Elasticsearch Service部署的Elasticsearch集群。两者在同一个VPC和子网下。下面是Elasticsearch的访问策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:ap-south-1:8655488xxxxx:domain/website-qa/*"
}
]
}
安全组:
Fargate:sg-test033f776d5fbed5c0000
Elasticsearch:sg-test0e5a570cbfc389e8555
子网:
Fargate:subnet-test025f49153cf245a2d11,subnet-test01f19783c005010f122,subnet-test076dfbba51d92d49033
Elasticsearch:ap-south-1a: subnet-test025f49153cf245a2d11
在elasticsearch的安全组下,我允许对端口443和9200使用Fargate的安全组。
下面是来自application。yml文件:
spring:
elasticsearch:
rest:
connection-timeout: 5000 #milliseconds
read-timeout: 5000 #milliseconds
uris: https://vpc-website-qa-xxxxxxxxxxxx.ap-south-1.es.amazonaws.com:9200
所以spring boot尝试连接到Elasticsearch,但得到java.net.UnknownHostException https://vpc-website-qa-xxxxxxxxxxxx.ap-south-1.es.amazonaws.com:9200
也尝试了端口443,但没有工作。为什么在Fargate集群上没有解析主机?我遗漏了什么?
根据评论
ES不使用9200端口。http只支持80端口,443端口只支持https。从文档:
Amazon ES只接受端口80 (HTTP)或443 (HTTPS)的连接.
另外spring-data-elasticsearch只期望域,所以不应该使用https。
删除https并使用443端口解决了这个问题。
uris: vpc-website-qa-xxxxxxxxxxxx.ap-south-1.es.amazonaws.com:443