My EC2 elasticsearch 2.4.6 cluster (hosted on amazon east data center) is having issues with the aws-cloud 2.4.6 plugin, I have configured my elasticsearch.yml file as instructed by configuration .
cloud:
aws:
access_key: XXX
secret_key: XXX
The S3 bucket is set up to have s3Full access.
I did a testing before my elasticsearch cluster upgrade, which was 1.7.6 version using aws-cloud plugin from this documentation -https://github.com/elastic/elasticsearch-cloud-aws. The snapshot and restore process was working perfectly fine until recently I upgraded my ES version to 2.4.6.
Here's the curl script I usually use to create s3_repository. PS, I can manually upload files to the s3 bucket using aws cli.
{ ~ } » curl -XPUT 'http://localhost:10557/_snapshot/s3_repository?pretty' -H 'Content-Type: application/json' -d' ~ { "type": "s3", "settings": { "bucket": "my-bucket", "region": "us-east", "access_key": "XXX", \"secret_key": "XXX" } } '
{
"error" : {
"root_cause" : [ {
"type" : "amazon_s3_exception",
"reason" : "amazon_s3_exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 3906E3E1E996060C)"
} ],
"type" : "repository_verification_exception",
"reason" : "[s3_repository] path is not accessible on master node",
"caused_by" : {
"type" : "i_o_exception",
"reason" : "i_o_exception: com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 3906E3E1E996060C), S3 Extended Request ID: Q/OWbf2aljoROoeLB48dfZ8YqBKzKw5JaQvpxrHwXXd4WT4qUp5nlHs8fCWKV19dIrCPXtW6Clo=",
"caused_by" : {
"type" : "amazon_s3_exception",
"reason" : "amazon_s3_exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 3906E3E1E996060C)"
}
}
},
"status" : 500
}
And in my s3 bucket, there is a test folder created but not the s3_repository.
Is anyone else having similar issues ?
My S3 policy was configured by a guy from aws admin team.
{
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET-NAME"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::BUCKET-NAME",
"arn:aws:s3:::BUCKET-NAME/*"
]
}
],
"Version": "2012-10-17"
}