1

I am trying to update the AWS Elasticsearch access policy through Serverless YAML configuration:

resources:
  Resources:
    ELInstanceName:
      Type: "AWS::Elasticsearch::Domain"
      Properties:
        ElasticsearchVersion: "7.1"
        DomainName: "domain-name"
        ElasticsearchClusterConfig:
          DedicatedMasterEnabled: false
          InstanceCount: "3"
          ZoneAwarenessEnabled: false
          InstanceType: "m4.large.elasticsearch"
        EBSOptions:
          EBSEnabled: true
          Iops: 0
          VolumeSize: 10
          VolumeType: "gp2"
        AccessPolicies:
          Version: "2012-10-17"
          Statement:
            -
              Effect: "Allow"
              Principal:
                AWS:
                  - arn:aws:iam::XXXXXXXXX:user/user1
                  - arn:aws:iam::XXXXXXXXX:user/user2
                  - arn:aws:iam::XXXXXXXXX:role/Cognito_custom_Auth_Role
              Action: "es:*"
              Resource: "*"

On executing the command serverless deploy, execution either hung or terminated with the following error:

............
Serverless: Operation failed!
Serverless Error ---------------------------------------

An error occurred - domain-name elasticsearch instance already exists.

Also, sometimes the command executed without error, but there was no change in the ES access policy when checked in the AWS console.

Am I missing any configuration details for updating the resource? What can be done to update the access policy for an ES resource using Serverless?

4

1 Answer

0

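DomainName

"If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name."

If the update to AccessPolicies does require replacing the domain, that would explain your problem. According to the documentation it does not, but perhaps some other change was made to the domain?

One workaround is to not hard-code the domain name.

Answered 2020-05-11T11:04:54.573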
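The workaround from the answer above, as an added example that is not part of the original question or answer: the asker's resource with DomainName removed so that CloudFormation generates the name, plus stack outputs for looking up the generated name and endpoint. The output names ElasticsearchDomainName and ElasticsearchDomainEndpoint are assumptions chosen for illustration.

```yaml
resources:
  Resources:
    ELInstanceName:
      Type: "AWS::Elasticsearch::Domain"
      Properties:
        # DomainName is intentionally omitted. CloudFormation generates a
        # unique physical name, so an update that needs replacement can
        # create the new domain without colliding with the old one.
        ElasticsearchVersion: "7.1"
        ElasticsearchClusterConfig:
          DedicatedMasterEnabled: false
          InstanceCount: "3"
          ZoneAwarenessEnabled: false
          InstanceType: "m4.large.elasticsearch"
        EBSOptions:
          EBSEnabled: true
          Iops: 0
          VolumeSize: 10
          VolumeType: "gp2"
        # Access policy copied unchanged from the question.
        AccessPolicies:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Principal:
                AWS:
                  - arn:aws:iam::XXXXXXXXX:user/user1
                  - arn:aws:iam::XXXXXXXXX:user/user2
                  - arn:aws:iam::XXXXXXXXX:role/Cognito_custom_Auth_Role
              Action: "es:*"
              Resource: "*"
  Outputs:
    # Hypothetical output names. Ref on an Elasticsearch domain returns
    # the generated domain name.
    ElasticsearchDomainName:
      Value:
        Ref: ELInstanceName
    ElasticsearchDomainEndpoint:
      Value:
        Fn::GetAtt: [ELInstanceName, DomainEndpoint]
```

On a stack where the domain is already deployed under the hard-coded name, removing DomainName is itself a replacing update: CloudFormation creates a new, empty domain under the generated name and then deletes the old one.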