403 forbidden error when getting indexes from AWS Elastic Search using the AWS SDK
I’m using the AWS SDK to connect to Elasticsearch. I’m following https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-indexing.html
Other issues in this topic are more like permissions issues or problems when writing to Elasticsearch. Writing works fine for me, only reading gives me errors
The POST method works fine, it is adding indexes. I’m making a GET search request in the same way
public void getIndexedRecords(String index,String type,String id,String documentJSON){
try {
String endpoint = host +"/" +index+"/_search" ;
Builds the request. We need an AWS service, URI, HTTP method, and request
body (in this case, JSON).
Request<?> request = new DefaultRequest<Void>(service);
request.setEndpoint(new URI(endpoint));
request.setHttpMethod(HttpMethodName.GET);
request.setContent(new ByteArrayInputStream(documentJSON.getBytes()));
Retrieves our credentials from the computer. For more information on where
this class looks for credentials, see
http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html.
String accessKey = CommonUtils.getCommonProperty("accessKey", "");
String secretKey = CommonUtils.getCommonProperty("secretKey", "");;
AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
Signs the request using our region, service, and credentials. AWS4Signer
modifies the original request rather than returning a new request.
AWS4Signer signer = new AWS4Signer();
signer.setRegionName(region);
signer.setServiceName(service);
signer.sign(request, creds);
request.addHeader("Content-Type", "application/json");
Creates and configures the HTTP client, creates the error and response
handlers, and finally executes the request.
ClientConfiguration config = new ClientConfiguration();
config.setProtocol(Protocol.HTTPS);
AmazonHttpClient client = new AmazonHttpClient(config);
System.out.println(client);
ExecutionContext context = new ExecutionContext(true);
ESAWSErrorHandler errorHandler = new ESAWSErrorHandler();
ESAWSResponseHandler<Void> responseHandler = new ESAWSResponseHandler<Void>();
client.requestExecutionBuilder().executionContext(context).errorResponseHandler(errorHandler).request(request)
.execute(responseHandler);
} catch (Exception e) {
e.printStackTrace();
}
}
But it gives me a 403 forbidden error. When I do Curl XGET with my endpoint url, I get the result. What am I doing wrong here?
com.amazonaws.AmazonServiceException: (Service: null; Status Code:
403; Error Code: Forbidden; Request ID: null) at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at
com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
Solution
I guess you need es:ESHttpGet
in your ES strategy.
Quote:
Amazon Elasticsearch Service Access Control
Control Access to Your Amazon Elasticsearch Service Domain