Hi.
I'm trying to register an S3 repository with ES (v2.4), which is a Docker container running on an AWS ECS cluster instance.
config/elasticsearch.yml
repositories:
  s3:
    bucket: "my.bucket"
    region: "ap-northeast-1"
S3 bucket policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::role/ecs-task-role"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions"
      ],
      "Resource": "arn:aws:s3:::my.bucket"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::role/ecs-task-role"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "arn:aws:s3:::my.bucket/*"
    }
  ]
}
I gave S3FullAccess to the ECS task role.
GET _nodes/?pretty
...
"repositories": {
  "s3": {
    "bucket": "my.bucket",
    "region": "ap-northeast-1"
  }
...
GET _snapshot/?pretty
{}
I got an error like this when I tried to register the repository.
PUT _snapshot/s3_snapshot_repository
{
  "type": "s3",
  "settings": {
    "bucket": "my.bucket",
    "region": "ap-northeast-1"
  }
}

{
  "error": {
    "root_cause": [
      {
        "type": "repository_verification_exception",
        "reason": "[s3_snapshot_repository] path is not accessible on master node"
      }
    ],
    "type": "repository_verification_exception",
    "reason": "[s3_snapshot_repository] path is not accessible on master node",
    "caused_by": {
      "type": "i_o_exception",
      "reason": "Unable to upload object tests-Xa3F_VHATDuJ45kz5jo6rg/master.dat-temp",
      "caused_by": {
        "type": "amazon_s3_exception",
        "reason": "Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied"
      }
    }
  },
  "status": 500
}
However, test files were generated in the S3 bucket.
What should I do to solve this error?