Nikesh
(Nikesh)
March 8, 2019, 7:25am
1
Hi,
I am working on Backup and Restore using s3 on my 4 node cluster.
According to the documentation I first added access_key and secret_key using keystore :
bin/elasticsearch-keystore add s3.client.default.access_key
bin/elasticsearch-keystore add s3.client.default.secret_key
Next, I tried creating repository using Command
PUT http://11.51.1.121:9998/_snapshot/my_s3_repository
{
"type": "s3",
"settings": {
"bucket": "bucket_name"
}
}
But this very initial stage is failing and an error is throw i.e.,
{
"error": {
"root_cause": [
{
"type": "amazon_s3_exception",
"reason": "amazon_s3_exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: AD129AE011109481; S3 Extended Request ID: WOV0JSl3gf+DwUvArwZnEW7D5XvDeRNhjd8TGFJ84JSCTtLfidqDfLv0Uz8s4QiB0hFq0ygxZjc=)"
}
],
"type": "amazon_s3_exception",
"reason": "amazon_s3_exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: AD129AE011109481; S3 Extended Request ID: WOV0JSl3gf+DwUvArwZnEW7D5XvDeRNhjd8TGFJ84JSCTtLfidqDfLv0Uz8s4QiB0hFq0ygxZjc=)"
},
"status": 500
}
I am using Elasticsearch version 6.4.0
What are the other settings that I am missing, if any?
Or is there any access issues that I am missing here? If so, how can I know what I am missing?
Hi,
did you set the grant on your IAM role for your instance?
I often mess this step and get this error.
Nikesh
(Nikesh)
March 8, 2019, 7:54am
3
Thanks gabriel for the response
How do you set the grant on my IAM role for my instances?
First result in google:
Permissions let you specify access to AWS resources. Permissions are granted to IAM entities (users, groups, and roles) and by default these entities start with no permissions. In other words, IAM entities can do nothing in AWS until you grant them...
Hope it can help.
More here:
Nikesh
(Nikesh)
March 8, 2019, 7:59am
5
Yes, It sure helps Gabriel!
Could you please tell me what are the ideal Permissions that has to be provided?
Here the resource I used to configure mine:
Nikesh
(Nikesh)
March 8, 2019, 9:08am
7
Thanks for sharing these links Gabriel
I am not able to download aws-cloud plugin of Elasticsearch.
It says unknown plugin cloud-aws
I am currently using Elasticsearch version 6.4.0
Has these settings differ with my version?
The blog post linked above is rather old, and that plugin no longer exists. The reference manual describes how to do this in more recent versions of Elasticsearch.
1 Like
Nikesh
(Nikesh)
March 11, 2019, 5:53am
9
Thanks David for your response.
I indeed used the same documentation as I mentioned in my question.
Let me tell you the process I employed.
Installed S3 repository plugin using : sudo bin/elasticsearch-plugin install repository-s3
Added AWS access key settings to the keystore.
bin/elasticsearch-keystore add s3.client.default.access_key
bin/elasticsearch-keystore add s3.client.default.secret_key
Created a repository using the following
PUT _snapshot/my_s3_repository
{
"type": "s3",
"settings": {
"bucket": "my_bucket"
}
}
This is providing me the error,
{
"error": {
"root_cause": [
{
"type": "amazon_s3_exception",
"reason": "amazon_s3_exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: AD129AE011109481; S3 Extended Request ID: WOV0JSl3gf+DwUvArwZnEW7D5XvDeRNhjd8TGFJ84JSCTtLfidqDfLv0Uz8s4QiB0hFq0ygxZjc=)"
}
],
"type": "amazon_s3_exception",
"reason": "amazon_s3_exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: AD129AE011109481; S3 Extended Request ID: WOV0JSl3gf+DwUvArwZnEW7D5XvDeRNhjd8TGFJ84JSCTtLfidqDfLv0Uz8s4QiB0hFq0ygxZjc=)"
},
"status": 500
}
Please tell me what Am I missing here?
Nikesh:
"bucket": "my_bucket"
Is my_bucket
the name of your bucket?
Nikesh
(Nikesh)
March 11, 2019, 10:07am
11
No.
This is just an example. I have my actual bucket name mentioned under it
Have you configured your IAM permissions as per the manual ?
Nikesh
(Nikesh)
March 12, 2019, 5:50am
13
Thanks David for the response.
My whole problem lied in IAM Permissions
Now the Backup and restore process is working fine.
1 Like
system
(system)
Closed
April 9, 2019, 5:50am
14
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.