Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

403 error with http-aws-es #45

Open
khoa162 opened this issue Nov 14, 2017 · 13 comments
Open

403 error with http-aws-es #45

khoa162 opened this issue Nov 14, 2017 · 13 comments

Comments

@khoa162
Copy link

khoa162 commented Nov 14, 2017
edited
Loading

-----------------------My Code--------------------------------
import es from 'elasticsearch';
import awsSdk from 'aws-sdk';
import httpAwsEs from 'http-aws-es';
import AWS from '../../config/aws';

const options = {
host: '....................',
connectionClass: httpAwsEs,
awsConfig: new awsSdk.Config({
credentials: new awsSdk.Credentials(AWS.accessKeyId, AWS.secretAccessKey),
region: AWS.region,
}),
httpOptions: {}
/amazonES: {
region: AWS.region,
accessKey: AWS.accessKeyId,
secretKey: AWS.secretAccessKey
}/
};
const EsClient = new es.Client(options);
-----------------------------------------------ERROR-------------------------------
Trace: { Authorization Exception :: {"path":"/","query":{},"statusCode":403,"response":""}
at respond (D:\Workspace\2017.........\server\node_modules\elasticsearch\src\lib\transport.js:307:15)
at checkRespForFailure (D:\Workspace\2017............\server\node_modules\elasticsearch\src\lib\transport.js:266:7)
at IncomingMessage.cleanUp (D:\Workspace\2017....................\server\node_modules\http-aws-es\connector.js:61:9)
at emitNone (events.js:91:20)
at IncomingMessage.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickDomainCallback (internal/process/next_tick.js:122:9)
status: 403,
displayName: 'AuthorizationException',
message: 'Authorization Exception',
path: '/',
query: {},
body: undefined,
statusCode: 403,
response: '',
toString: [Function],
toJSON: [Function] }
at D:/Workspace/2017/................./server/app/controllers/EsController.js:46:13
at respond (D:\Workspace\2017.................\server\node_modules\elasticsearch\src\lib\transport.js:326:9)
at checkRespForFailure (D:\Workspace\2017.................\server\node_modules\elasticsearch\src\lib\transport.js:266:7)
at IncomingMessage.cleanUp (D:\Workspace\2017.................\server\node_modules\http-aws-es\connector.js:61:9)
at emitNone (events.js:91:20)
at IncomingMessage.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickDomainCallback (internal/process/next_tick.js:122:9)

I am using http-aws-es and that is the error. It works well when I change the connectionClass from httpAwsEs to 'http'. Could y guys explain to me the reason why I fail to use http-aws-es in this case?
@brewdium
Copy link

Hi @khoa162,

I was also getting a 403 error recently with this package, if you want to try this fork where I have changed out the signer quickly to see if that was the problem for you too it might be a quick fix and also help @TheDeveloper track down the source of the issue. Simply add the fork to your package.json as...
"http-aws-es": "https://github.com/NextFaze/http-aws-es"
or fork my fork if you want to, probably the better idea for security reasons if you don't trust me 😅

Hope that helps

@dpiechota
Copy link

Hi,

I am also getting 403 error. "User: anonymous is not authorized to perform: es:ESHttpPost on resource: XXX". @spazworm I have tried your for but with no luck.

import { Client } from 'elasticsearch'
import { HttpAmazonESConnector } from 'http-aws-es/connector'
...
let options = {
  hosts: ['https://' + AWSEnvConfig.ElasticsearchDomainClusterDomainEndpoint],
  connectionClass: HttpAmazonESConnector,
  amazonES: { accessKey: iamCredentials.accessKeyId, secretKey: iamCredentials.secretAccessKey, region: iamCredentials.region }
};

let es = Client(options)

@TheDeveloper
Copy link
Owner

@Mozowski can you check your options object? amazonES property is deprecated in the latest version. see readme for instructions

@dpiechota
Copy link

Hi @TheDeveloper , so the code looks like this

import { HttpAmazonESConnector } from 'http-aws-es/connector'
import { AWSEnvConfig } from '../assets/aws-config';
...
let awsConfigNew = new AWS.Config({
  region: iamCredentials.region,
  credentials: new AWS.Credentials(iamCredentials.accessKeyId, iamCredentials.secretAccessKey)
});

console.log(awsConfigNew) // I have nice Config Object here 

let options = {
  hosts: ['https://' + AWSEnvConfig.ElasticsearchDomainClusterDomainEndpoint],
  connectionClass: HttpAmazonESConnector,
  awsConfig: awsConfigNew
};

console.log(options) // Looks good to me {hosts: Array(1), connectionClass: undefined, awsConfig: Config}

let es = Client(options)
console.log(es)

Still have the same 403 (Forbidden) User: anonymous is not authorized to perform: es:ESHttpPost on resource ZZZ. Any help would be appreciated ;)

@TheDeveloper
Copy link
Owner

TheDeveloper commented Nov 25, 2017
edited
Loading

@Mozowski thanks. Is that IAM user definitely authorised for es actions? Can you also double check region is being set correctly?

@dpiechota
Copy link

@TheDeveloper thanks for quick answer. I have checked credentials I am logging here console.log(awsConfigNew) in Postman and those work perfectly fine. In the Chrome Developer tools I do not see Authorization Header when debugging this 403 Error.

Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:pl-PL,en-US;q=0.9
Connection:keep-alive
Content-Length:0
Host:XXX
Origin:ZZZ
Referer:ZZZ
User-Agent:Mozilla/5.0 (Linux; Android 6.0.1; MI 5s Build/MXB48T; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Mobile Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
X-Requested-With:YYY

@dpiechota
Copy link

dpiechota commented Nov 25, 2017
edited
Loading

@TheDeveloper I have been able to move forward with debugging. It sounds like this is problem with AWS library.
ERROR Error: Uncaught (in promise): TypeError: AWS.NodeHttpClient is not a constructor
this comes from line this.httpClient = new AWS.NodeHttpClient(); in HttpAmazonESConnector constructor.
I am running my app in ionic and I do not see NodeHttpClient as a property of AWS object.
I believe ionic is running in browser, guess this is the issue.

@TheDeveloper
Copy link
Owner

@Mozowski thanks for the extra info! That would be the problem.

This module only works on Node because it uses AWS.NodeHttpClient, which isn't present on other platforms.

Browser compatibility is possible though. When running on browser this module could use AWS SDK's XHRClient instead to make requests.

@dpiechota
Copy link

Thanks @TheDeveloper !
Changing client this.httpClient = new AWS.XHRClient(); causes new ERROR:

Error: Request error, retrying
  POST https://XXX/_search?query= => Cannot read property 'content-encoding' of undefined

I am not sure if the _search?query= part of above URL is correct query to AWS elasticsearch
I am using es object as follows

let es = Client(options)
console.log(es)

es.search({
  "query": {
    "match_all": {}
  }
})

@TheDeveloper
Copy link
Owner

@Mozowski unfortunately it's not quite a simple hot-swap, we would need to integrate the XHRClient

@dpiechota
Copy link

Ok, thank you for support @TheDeveloper !

@TheDeveloper
Copy link
Owner

@Mozowski I've just pushed 4.0.0 to use AWS XHRClient in browser. Let me know if that works for you

@dpiechota
Copy link

@TheDeveloper everything is working fine! Thank you for great support!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@TheDeveloper @dpiechota @brewdium @khoa162