I would like to register snapshot repository in elasticsearch to S3 in order to backup my data. However, I got below error message when running my python script. Anyone can help? thanks!!
Here is the script:
import boto3
import requests
from requests_aws4auth import AWS4Auth
host = 'https://vpc-test-eqcwh2i6vu5m6btpqr6kv3ay7i.ap-southeast-1.es.amazonaws.com' #
include https:// and trailing /
region = 'ap-southeast-1' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service,
session_token=credentials.token)
# Register repository
path = '_snapshot/test-es-backup' # the Elasticsearch API endpoint
url = host + path
payload = {
"type": "s3",
"settings": {
"bucket": "test-es-backup",
"region": "ap-southeast-1",
"role_arn": "arn:aws:iam::639583313377:role/test-es-backup"
}
}
headers = {"Content-Type": "application/json"}
r = requests.put('https://vpc-test-eqcwh2i6vu5m6btpqr6kv3ay7i.ap-southeast-1.es.amazonaws.com/_snapshot/test-es-backup', auth=awsauth, json=payload, headers=headers)
print(r.status_code)
print(r.text)
And here is the error:
{"error":{"root_cause":[{"type":"a_w_s_security_token_service_exception","reason":"a_w_s_security_token_service_exception: User: arn:aws:sts::837541681674:assumed-role/cp-sts-grant-role/swift-ap-southeast-1-prod-639583313377 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::639583313377:role/test-es-backup (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: ef33d47e-8e4c-11e8-92a4-83b263f2180f)"}],"type":"blob_store_exception","reason":"Failed to check if blob [master.dat-temp] exists","caused_by":{"type":"a_w_s_security_token_service_exception","reason":"a_w_s_security_token_service_exception: User: arn:aws:sts::837541681674:assumed-role/cp-sts-grant-role/swift-ap-southeast-1-prod-639583313377 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::639583313377:role/test-es-backup (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: ef33d47e-8e4c-11e8-92a4-83b263f2180f)"}},"status":500}
`