我在执行在AWS环境中调用公共ES的lambda时遇到问题。此 lambda 由 HTTP API 网关事件执行。一切似乎都表明这是 lambda 尝试访问 ES 的权限问题,但我的无服务器配置似乎有效:
service: my-service
provider:
name: aws
runtime: dotnetcore2.1
stage: ${opt:stage, "Development"}
region: ${opt:region, "us-east-1"}
iamRoleStatements:
- Effect: "Allow"
Action:
- "lambda:invokeFunction"
Resource: "*"
- Effect: "Allow"
Action:
- es:ESHttpPost
- es:ESHttpPut
- es:ESHTTPGet
Resource: "arn:aws:es:us-east-1:account:domain/domain-name/*"
environment:
ES_ENDPOINT: ${file(appsettings.${self:provider.stage}.json):ES_ENDPOINT}
STAGE: ${self:provider.stage}
REGION: ${self:provider.region}
apiKeys:
- myservice-api-key
package:
individually: true
functions:
myservice_api:
handler: com.myservice::com.myservice.LambdaEntryPoint::FunctionHandlerAsync
package:
artifact: bin/release/netcoreapp2.1/myservice.zip
events:
- http:
path: /{proxy+}
method: ANY
cors: true
private: true
记录我的错误如下:
Invalid NEST response built from a unsuccessful (403) low level call on POST
OriginalException: Elasticsearch.Net.ElasticsearchClientException: Request failed to execute. Call: Status code 403 from: POST /index/_search?typed_keys=true
软件包版本: NEST 7.4.1
我终于解决了这个问题。我发现的内部异常是:"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."。我通过将Elasticsearch.Net.Aws的版本从6.0.0更改为7.0.4来解决此问题。