AWS Lambda to proxy ElasticSearch Service using C#
I am trying to create an AWS lamda using c# to access AWS ElasticSerch service. I have created a role that my lambda function is configured to use which has access to ElasticSeach. But the permission doesn't seem to be working.
Here is my setup:
I have created an access policy with Read and Write access to ES service.
Created a role and assigned above policy
I have granted permissions to this role, to my ES cluster.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"
}
]
}
I have a simple code in lambda to see if I can connect to it.
public async Task<string> FunctionHandler()
{
HttpClient client = new HttpClient();
var response = await client.GetStringAsync("https://XXXXX.us-west-2.es.amazonaws.com/firstindex");
return response;
}
This gives me 403 Forbidden error. I even tried setting trust relationship with es.amazonaws.com for the role. That also did not work.
If I make the ES cluster public, I can see the response.
Will this method work with Lambda? Am I missing some permissions?
amazon-web-services aws-lambda aws-elasticsearch aws-sdk-net
asked Nov 20 at 22:19
user1868744
4128
add a comment |
I am trying to create an AWS lamda using c# to access AWS ElasticSerch service. I have created a role that my lambda function is configured to use which has access to ElasticSeach. But the permission doesn't seem to be working.
Here is my setup:
I have created an access policy with Read and Write access to ES service.
Created a role and assigned above policy
I have granted permissions to this role, to my ES cluster.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"
}
]
}
I have a simple code in lambda to see if I can connect to it.
public async Task<string> FunctionHandler()
{
HttpClient client = new HttpClient();
var response = await client.GetStringAsync("https://XXXXX.us-west-2.es.amazonaws.com/firstindex");
return response;
}
This gives me 403 Forbidden error. I even tried setting trust relationship with es.amazonaws.com for the role. That also did not work.
If I make the ES cluster public, I can see the response.
Will this method work with Lambda? Am I missing some permissions?
amazon-web-services aws-lambda aws-elasticsearch aws-sdk-net
asked Nov 20 at 22:19
user1868744
4128
1
I think you need to sign your request using Signature Version 4. See aws.amazon.com/blogs/security/…
– ben5556
Nov 20 at 22:36
1
got it. I was able to get it working with signing the request. Thank you
– user1868744
Nov 29 at 21:53
Cheers added it as an answer
– ben5556
Nov 29 at 22:18
add a comment |
I am trying to create an AWS lamda using c# to access AWS ElasticSerch service. I have created a role that my lambda function is configured to use which has access to ElasticSeach. But the permission doesn't seem to be working.
Here is my setup:
I have created an access policy with Read and Write access to ES service.
Created a role and assigned above policy
I have granted permissions to this role, to my ES cluster.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"
}
]
}
I have a simple code in lambda to see if I can connect to it.
public async Task<string> FunctionHandler()
{
HttpClient client = new HttpClient();
var response = await client.GetStringAsync("https://XXXXX.us-west-2.es.amazonaws.com/firstindex");
return response;
}
This gives me 403 Forbidden error. I even tried setting trust relationship with es.amazonaws.com for the role. That also did not work.
If I make the ES cluster public, I can see the response.
Will this method work with Lambda? Am I missing some permissions?
amazon-web-services aws-lambda aws-elasticsearch aws-sdk-net
asked Nov 20 at 22:19
user1868744
4128
I am trying to create an AWS lamda using c# to access AWS ElasticSerch service. I have created a role that my lambda function is configured to use which has access to ElasticSeach. But the permission doesn't seem to be working.
Here is my setup:
I have created an access policy with Read and Write access to ES service.
Created a role and assigned above policy
I have granted permissions to this role, to my ES cluster.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"
}
]
}
I have a simple code in lambda to see if I can connect to it.
public async Task<string> FunctionHandler()
{
HttpClient client = new HttpClient();
var response = await client.GetStringAsync("https://XXXXX.us-west-2.es.amazonaws.com/firstindex");
return response;
}
This gives me 403 Forbidden error. I even tried setting trust relationship with es.amazonaws.com for the role. That also did not work.
If I make the ES cluster public, I can see the response.
Will this method work with Lambda? Am I missing some permissions?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXXXXXXXXX:role/lambda-es-role"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:XXXXXXXXXXXXXx:domain/es-test-es/*"
}
]
}amazon-web-services aws-lambda aws-elasticsearch aws-sdk-net
amazon-web-services aws-lambda aws-elasticsearch aws-sdk-net
asked Nov 20 at 22:19
user1868744
4128
asked Nov 20 at 22:19
user1868744
4128
asked Nov 20 at 22:19
user1868744
4128
asked Nov 20 at 22:19
user1868744
4128
asked Nov 20 at 22:19
user1868744
4128
4128
1
I think you need to sign your request using Signature Version 4. See aws.amazon.com/blogs/security/…
– ben5556
Nov 20 at 22:36
1
got it. I was able to get it working with signing the request. Thank you
– user1868744
Nov 29 at 21:53
Cheers added it as an answer
– ben5556
Nov 29 at 22:18
add a comment |
1
I think you need to sign your request using Signature Version 4. See aws.amazon.com/blogs/security/…
– ben5556
Nov 20 at 22:36
1
got it. I was able to get it working with signing the request. Thank you
– user1868744
Nov 29 at 21:53
Cheers added it as an answer
– ben5556
Nov 29 at 22:18
1
1
I think you need to sign your request using Signature Version 4. See aws.amazon.com/blogs/security/…
– ben5556
Nov 20 at 22:36
I think you need to sign your request using Signature Version 4. See aws.amazon.com/blogs/security/…
– ben5556
Nov 20 at 22:36
1
1
got it. I was able to get it working with signing the request. Thank you
– user1868744
Nov 29 at 21:53
got it. I was able to get it working with signing the request. Thank you
– user1868744
Nov 29 at 21:53
Cheers added it as an answer
– ben5556
Nov 29 at 22:18
Cheers added it as an answer
– ben5556
Nov 29 at 22:18
add a comment |
1 Answer
1
active
oldest
votes
I think you need to sign your request using Signature Version 4. See this
answered Nov 29 at 22:17
ben5556
1,7721310
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53402453%2faws-lambda-to-proxy-elasticsearch-service-using-c-sharp%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I think you need to sign your request using Signature Version 4. See this
answered Nov 29 at 22:17
ben5556
1,7721310
add a comment |
I think you need to sign your request using Signature Version 4. See this
answered Nov 29 at 22:17
ben5556
1,7721310
add a comment |
I think you need to sign your request using Signature Version 4. See this
answered Nov 29 at 22:17
ben5556
1,7721310
I think you need to sign your request using Signature Version 4. See this
answered Nov 29 at 22:17
ben5556
1,7721310
answered Nov 29 at 22:17
ben5556
1,7721310
answered Nov 29 at 22:17
ben5556
1,7721310
answered Nov 29 at 22:17
ben5556
1,7721310
1,7721310
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53402453%2faws-lambda-to-proxy-elasticsearch-service-using-c-sharp%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
I think you need to sign your request using Signature Version 4. See aws.amazon.com/blogs/security/…
– ben5556
Nov 20 at 22:36
1
got it. I was able to get it working with signing the request. Thank you
– user1868744
Nov 29 at 21:53
Cheers added it as an answer
– ben5556
Nov 29 at 22:18