AWS ES logstash - Got response code '403' contacting Elasticsearch at URL 'https://search-aws-e*

I have configured AWS ES and Logstash, and granted the default full AWS policy (AmazonESFullAccess) to the user, but I am still getting a 403 error.
My Filebeat and Logstash are running on the same host.

Here are the configuration property details.

logstash.conf
input {
  beats {
    port => 5044
    codec => "json"
  }
}
output {
  if [fields][product] == "hive" {
    amazon_es {
      hosts => "search-*********:443"
      region => "us-east-1"
      aws_access_key_id => 'my_aws_access_key_id'
      aws_secret_access_key => 'my_aws_secret_access_key'
      index => "Hive-logs-%{+YYYY.MM.dd}"
    }
  } else {
    amazon_es {
      hosts => "END POINT URL FROM AWS ES :443"
    }
  }
}

My access policy from AWS ES:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": ""
      },
      "Action": "es:",
      "Resource": "arn:aws:********/",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "mylogstash_hostname",
            "/32",
            "*/32"
          ]
        }
      }
    }
  ]
}

Complete error:
[WARN ] 2019-12-19 14:36:10.040 [Ruby-0-Thread-6: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://search-aws-****:443/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '403' contacting Elasticsearch at URL 'https://search-*****:443/'"}

Any quick help is really appreciated.

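The access policy in the post lists `mylogstash_hostname` under `aws:SourceIp`, and IAM's `IpAddress` condition operators compare only against IP addresses or CIDR ranges. The following check for such entries is an added example, not part of the original post; the sample policy, its account ID, domain name and addresses are constructed placeholders, and `invalid_source_ips` is a hypothetical helper name.

```python
import ipaddress
import json

# Constructed sample policy modelled on the one in the post; the account id,
# domain name and addresses are placeholders, not values from the page.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": "es:*",
    "Resource": "arn:aws:es:us-east-1:111122223333:domain/example-domain/*",
    "Condition": {"IpAddress": {"aws:SourceIp": [
      "mylogstash_hostname", "203.0.113.10/32", "198.51.100.0/24"
    ]}}
  }]
}
"""


def invalid_source_ips(policy_json):
    """Return (statement_index, value) for every aws:SourceIp entry that is
    not an IP address or CIDR range."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        for operator, keys in stmt.get("Condition", {}).items():
            # Covers IpAddress, NotIpAddress and their ...IfExists variants
            if "ipaddress" not in operator.lower():
                continue
            for key, values in keys.items():
                if key.lower() != "aws:sourceip":
                    continue
                if isinstance(values, str):  # a single value may be a string
                    values = [values]
                for value in values:
                    try:
                        ipaddress.ip_network(value, strict=False)
                    except ValueError:
                        findings.append((idx, value))
    return findings


if __name__ == "__main__":
    for idx, value in invalid_source_ips(SAMPLE_POLICY):
        print(f"Statement {idx}: {value!r} is not an IP address or CIDR range")
```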