search

jarpy / lambkin

CLI tool for generating and managing simple functions in AWS Lambda
Apache License 2.0
74 stars 12 forks source link

Does lambkin support AWS Signature Version 4 Signing Process? #8

Closed kforsthoevel closed 7 years ago

kforsthoevel commented 7 years ago

I would like to access AWS Elasticsearch Service via Lambda function, but I get this error:

{"stackTrace": [["/var/task/serverless-curator.py", 43, "handler", "index_list = curator.IndexList(es)"], ["/var/task/curator/indexlist.py", 30, "__init__", "self.__get_indices()"], ["/var/task/curator/indexlist.py", 65, "__get_indices", "self.all_indices = get_indices(self.client)"], ["/var/task/curator/utils.py", 372, "get_indices", "raise FailedExecution('Failed to get indices. Error: {0}'.format(e))"]], "errorType": "FailedExecution", "errorMessage": "Failed to get indices. Error: TransportError(403, u'{\"Message\":\"User: anonymous is not authorized to perform: es:ESHttpGet on resource: XXX\"}')"}

Access policy for elasticsearch domain is: 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::XXX:role/XXX"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-west-1:XXX:domain/XXX/*"
    }
  ]
}

The role is assigned to the Lambda function. Am I missing something? Maybe someone has a clue? Thanks.

jarpy commented 7 years ago

Hi.

That error appears to be triggered when the Curator Library is trying to connect to the AWS Elasticsearch service. Once the function is published and running, Lambkin is out of the picture, so I think this is more a question for Curator than for Lambkin.

Be aware that there are known limitations with Amazon's Elasticsearch service that cause trouble for Curator 4. So even if you make it past the authorization problem, I don't think you will be able to get Curator 4 working with that service (though Curator 3 reportedly works).

I assume (forgive me) that you are following my blog on running "serverless curator"? I wrote and tested that article for Elastic's official cloud offering. It provides the latest Elasticsearch and exposes the full API for Curator 4 to use.

kforsthoevel commented 7 years ago

Thanks @jarpy, I will try to use Curator 3. And yes, I have been following your great blog post :-).