Can't register snapshot repository in elasticsearch

layla · July 23, 2018, 9:55am

I would like to register snapshot repository in elasticsearch to S3 in order to backup my data. However, I got below error message when running my python script. Anyone can help? thanks!!

Here is the script:

import boto3
import requests
from requests_aws4auth import AWS4Auth

host = 'https://vpc-test-eqcwh2i6vu5m6btpqr6kv3ay7i.ap-southeast-1.es.amazonaws.com' # 
include https:// and trailing /
region = 'ap-southeast-1' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, 
session_token=credentials.token)

# Register repository

path = '_snapshot/test-es-backup' # the Elasticsearch API endpoint
url = host + path

payload = {
  "type": "s3",
  "settings": {
    "bucket": "test-es-backup",
    "region": "ap-southeast-1",
    "role_arn": "arn:aws:iam::639583313377:role/test-es-backup"
  }
}

headers = {"Content-Type": "application/json"}

r = requests.put('https://vpc-test-eqcwh2i6vu5m6btpqr6kv3ay7i.ap-southeast-1.es.amazonaws.com/_snapshot/test-es-backup', auth=awsauth, json=payload, headers=headers)

print(r.status_code)
print(r.text)

And here is the error:

    {"error":{"root_cause":[{"type":"a_w_s_security_token_service_exception","reason":"a_w_s_security_token_service_exception: User: arn:aws:sts::837541681674:assumed-role/cp-sts-grant-role/swift-ap-southeast-1-prod-639583313377 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::639583313377:role/test-es-backup (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: ef33d47e-8e4c-11e8-92a4-83b263f2180f)"}],"type":"blob_store_exception","reason":"Failed to check if blob [master.dat-temp] exists","caused_by":{"type":"a_w_s_security_token_service_exception","reason":"a_w_s_security_token_service_exception: User: arn:aws:sts::837541681674:assumed-role/cp-sts-grant-role/swift-ap-southeast-1-prod-639583313377 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::639583313377:role/test-es-backup (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: ef33d47e-8e4c-11e8-92a4-83b263f2180f)"}},"status":500}

`

system · August 20, 2018, 9:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.