AWS - The server name or address could not be resolved

[Neuroforge]

Hello,

I am experiencing problems with AWS and Elastic Search using this client.

I have tried with the VPC endpoint and the Kinbana endpoint defined in the AWS Console for the Elastic Search Instance. Could you direct me as to what i am doing wrong?

NEST Version: 6.2 Elastic Search Version: 6.3

Invalid NEST response built from a unsuccessful low level call on HEAD: /_plugin/kibana/ Audit trail of this API call:

• [1] BadRequest: Node: https://vpc-xxxx-elastic-search-lto7xxxxxxxxxx.us-west-1.es.amazonaws.com/_plugin/kibana/ Took: 00:00:00.4433711 OriginalException: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: The server name or address could not be resolved at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Threading.Tasks.RendezvousAwaitable`1.GetResult() at System.Net.Http.WinHttpHandler.d__105.MoveNext() --- End of inner exception stack trace ---

Code

  var httpConnection = new Elasticsearch.Net.Aws.AwsHttpConnection("us-west-1", new Elasticsearch.Net.Aws.StaticCredentialsProvider(new Elasticsearch.Net.Aws.AwsCredentials
            {
                AccessKey = _awsSettings.AwsS3AccessKey,
                SecretKey = _awsSettings.AwsS3AccessSecret,
            }));

            var pool = new SingleNodeConnectionPool(new Uri(_esSettings.ElasticSearchURL));

            _esNode = new Uri(_esSettings.ElasticSearchURL);
            _esConfig = new ConnectionSettings(pool, httpConnection)
                        .DefaultIndex(_esSettings.ElasticSearchVideoIndex)
                        .DefaultMappingFor<VideoDocument>(i => i
                            .TypeName(_esSettings.ElasticSearchVideoIndexType)
                        );
            _esConfig.DisableDirectStreaming();
            _esClient = new ElasticClient(_esConfig);
            var pingResponse = _esClient.Ping();

I have tried to use _esConfig.DisableDirectStreaming();

[bcuff]

If DNS is failing to resolve it likely isn't an issue with signing. Here are some possibilities:

• If you're using a VPC endpoint then your client may be attempting to resolve the endpoint outside the VPC.
• The host name is wrong some how.
• Your security group configuration prevents DNS resolution. Ensure that egress traffic is allowed for DNS resolution.

[Neuroforge]

Ok. So i made a new domain which is public.

When i open the endpoint in my browser i get....

{"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"} EXCELLENT!!!

When i do the Ping via NEST it appears to now have a 403 error.

FailureReason: BadResponse while attempting HEAD on https://search-xxxxxxxxx.us-west-1.es.amazonaws.com/ Audit trail of this API call:

• [1] BadResponse: Node: https://search-xxxxxxxxx.us-west-1.es.amazonaws.com/ Took: 00:00:01.0178619

The access policy is as follows which i believe should allow read/write. Ping should work, unless i'm missing something.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::xxxxxxxxx:user/QDNUser" }, "Action": "es:", "Resource": "arn:aws:es:us-west-1:xxxxxxxxx:domain/quench-es/" } ] }

The IAM user is configured to have AdministratorAccess which includes ElasticSearch Service Full Access.

[bcuff]

You may be missing an asterisk at the end of the resource. See this example from these docs

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:user/test-user"
        ]
      },
      "Action": [
        "es:*"
      ],
      "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*"
    }
  ]
}

[bcuff]

Closing this (housekeeping)