0
votes

I'm studying the ELK Stack and AWS Gateway.

I created AWS ElasticSearch and set this access policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::[AWS account ID]:root"
          },
          "Action": "es:*",
          "Resource": "arn:aws:es:sa-east-1:[AWS account ID]:domain/camarar-elk/*"
        }
      ]
    }

PS: I tried using this policy too:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::[AWS account ID]:user/[User]"
          },
          "Action": "es:*",
          "Resource": "arn:aws:es:sa-east-1:[AWS account ID]:domain/camarar-elk/*"
        }
      ]
    }

After that, I created an AWS API Gateway using an HTTP proxy and the GET method to route all requests to the Kibana URL. In this Gateway I am using one AWS IAM to access Kibana.

Finally, I created an AWS IAM user with this policy: "AmazonESFullAccess".

Every time, I receive the same error: {"Message":"User: anonymous is not authorized to perform: es:ESHttpGet on resource: camarar-elk"}

Could anybody please help me resolve this problem?

2
Did you ever figure it out? - justin.m.chase
You can also use a proxy service such as www.iamproxy.com. Disclosure: I am the author of this. - Konstantin Schubert

2 Answers

1
votes

I'm already using a policy with this action ("Action": "es:*"), because I wrote it wrong in my question.

My actual policy in Elasticsearch:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::[AWS account ID]:root"
          },
          "Action": "es:*",
          "Resource": "arn:aws:es:sa-east-1:[AWS account ID]:domain/camarar-elk/*"
        }
      ]
    }

0
votes

"Action": "es:",

I believe this is your problem. You'll have to either specify an action like es:ESHttpGet or allow all actions with es:*.
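
An added example, not code from any of the posts above and not AWS's own evaluation engine: a simplified model of how an Allow statement in the domain access policy is matched against a request. It covers the two cases that appear on this page, the `"es:"` action and the `anonymous` caller named in the error message. The account ID `123456789012`, the user name `example-user` and all function names are constructed for illustration; Deny statements, conditions and identity-based policies are not modelled.

```python
import re

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _principal_matches(policy_principal, caller):
    """caller is the IAM ARN of a SigV4-signed request, or None for an unsigned one."""
    if policy_principal == "*":
        return True
    for p in _as_list(policy_principal.get("AWS", [])):
        if p == "*":
            return True
        if caller is None:
            continue  # an unsigned ("anonymous") request only matches a "*" principal
        # Simplification: the account root ARN stands for every principal in that account.
        root = re.fullmatch(r"arn:aws:iam::(\d+):root", p)
        if p == caller or (root and caller.startswith(f"arn:aws:iam::{root.group(1)}:")):
            return True
    return False

def is_allowed(policy, caller, action, resource):
    """True if any Allow statement matches principal, action and resource."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if (_principal_matches(st["Principal"], caller)
                and any(_wild(a, action, True) for a in _as_list(st["Action"]))
                and any(_wild(r, resource) for r in _as_list(st["Resource"]))):
            return True
    return False

ACCOUNT = "123456789012"  # constructed placeholder account ID
DOMAIN = f"arn:aws:es:sa-east-1:{ACCOUNT}:domain/camarar-elk"
ROOT = {"AWS": f"arn:aws:iam::{ACCOUNT}:root"}
USER = f"arn:aws:iam::{ACCOUNT}:user/example-user"  # constructed user name
KIBANA = f"{DOMAIN}/_plugin/kibana/"

def make_policy(action, principal):
    stmt = {"Effect": "Allow", "Principal": principal, "Action": action, "Resource": f"{DOMAIN}/*"}
    return {"Version": "2012-10-17", "Statement": [stmt]}

if __name__ == "__main__":
    for action, caller in [("es:", USER), ("es:*", USER), ("es:*", None)]:
        ok = is_allowed(make_policy(action, ROOT), caller, "es:ESHttpGet", KIBANA)
        print(f"Action={action!r} caller={caller or 'anonymous'} allowed={ok}")
```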