3

我想向 AWS ElasticSearch 实例发出请求。该实例具有对角色的访问控制,allow access to one or more AWS accounts or IAM users.该角色代表一个 Cognito 身份池,该身份池具有一个 Cognito 用户池作为身份验证源。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::***:role/Cognito_ElasticSearchAuth_Role"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-west-1:***:domain/asd-es-public/*"
    }
  ]
}

当我尝试签署请求时,我得到

data "{\"message\":\"The security token included in the request is invalid.\"}"

这是请求

const proxyAgent = new HttpsProxyAgent('http://wwwproxy.***.com:***');

public async deleteAllIndices() {
    return new Promise((resolve, reject) => {
        https
            .request(
                aws4.sign(
                    {
                        hostname:
                            'search-asd-es-public-***.eu-west-1.es.amazonaws.com',
                        path: '/something',
                        method: 'GET',
                        agent: proxyAgent,
                    },
                    {
                        secretAccessKey: 'testuser',
                        accessKeyId: 'TestPw_1',
                    },
                ),
                (res) => {
                    res.setEncoding('utf8');
                    logger.info('statusCode:', res.statusCode);

                    res.on('data', (d) => {
                        logger.info('data', d);
                        resolve(res);
                    });
                },
            )
            .on('error', (e) => {
                logger.info(e.message);
                logger.info('error');
                reject(e);
            })
            .end();
    });
}
4

0 回答 0