AWS Elasticsearch 操作超时答案

【问题标题】：AWS Elasticsearch Operation timed outAWS Elasticsearch 操作超时
【发布时间】：2017-09-27 20:02:53
【问题描述】：

我在 AWS Elasticsearch 服务上创建了一个 ES 集群，配置如下（Terraform 格式，但一般配置应该易于人类阅读）

resource "aws_elasticsearch_domain" "es" {
  domain_name           = "tf-test"
  elasticsearch_version = "5.1"
  cluster_config {
    instance_type = "t2.small.elasticsearch"
  }

  ebs_options {
    ebs_enabled = "true"
    volume_type = "gp2"
    volume_size = "15"

  }

  advanced_options {
    "rest.action.multi.allow_explicit_index" = "true"
  }

  access_policies = <<CONFIG
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "my-ipv4/32"
          ]
        }
      },
      "Resource": "arn:aws:es:eu-central-1:my-account-id:domain/tf-test/*"
    }
  ]
}
CONFIG
}

并尝试插入文档

curl -v -XPUT my-endpoint:9200/movies/movie/tt0116996 -d '{"name":"John Doe"}'

返回错误：

curl: (7) Failed to connect to my-endpoint port 9200: Operation timed out

命令同理：

curl 'my-endpoint:9200/_cat/health?v'

【问题讨论】：

标签： amazon-web-services elasticsearch elasticsearch-5

【解决方案1】：

听起来 curl 无法连接。这可能来自elasticsearch的访问控制设置。查看https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-gsg-configure-access.html

您可以通过发出 telnet 来验证这一点，以查看您是否连接到 tcp 套接字：

telnet my-endpoint 9200

你应该会看到类似（sub your ip and servername）：

Trying 123.123.123.123...
Connected to my-endpoint
Escape character is '^]'.

如果您不连接 - 这是访问控制。

【讨论】：