Hi all! I've been trying to set up a datahub proje...
# all-things-deploymentb
bumpy-park-19085
09/28/2022, 3:17 PMHi all! I've been trying to set up a datahub project with a manually (terraformed) elastic search. the health checks for the front end come up but the gms service keeps returning a 403 (error in thread). i've tried both resource and identity based policies on the es cluster with no luck. has anyone else had this issue?
bumpy-park-19085
09/28/2022, 3:17 PM Copy code
Received 403 from <http://vpc-datahub-domain-xxxxxxxx.us-east-1.es.amazonaws.com:80>. Sleeping 1sb
bulky-electrician-72362
09/29/2022, 8:44 AMhey Cory, are you sure your pods have access to the ElasticSearch instance? e.g are security rules allow it to be accessed?
bulky-electrician-72362
09/29/2022, 8:44 AMyou can try
execb
bumpy-park-19085
09/29/2022, 1:35 PMi can exec into the pods in question
bumpy-park-19085
09/29/2022, 1:35 PMno issue
b
bulky-electrician-72362
09/29/2022, 1:50 PMcan you access elastic search from the pod
bulky-electrician-72362
09/29/2022, 1:50 PMby
curl -i HOST:PORT/_cat/indicesb
bumpy-park-19085
09/29/2022, 3:32 PMi still get a 403
b
bulky-electrician-72362
09/29/2022, 3:35 PMhow did you set up ES? what's the authentication method? is there any access control on ES?
b
bumpy-park-19085
09/29/2022, 3:55 PMin reading the docs, i have the es cluster inside a vpc, and there are some conflicting information about using a resource vs. ip-based policy. ip-based would let us use unsigned requests, but we want to use signed requests. i think this mean i need to give the pod the the ability to sign requests?
b
bulky-electrician-72362
09/30/2022, 11:49 AMor you can use usename/password to authenticate
4 Views