
ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC

I am trying to create a VPC controlled Elastic Search Service on AWS. The problem is I keep getting the error when I run the following code: 'ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC'.

    const AWS = require('aws-sdk');
    AWS.config.update({region:'<aws-datacenter>'});

    const accessPolicies = {
      Statement: [{
        Effect: "Allow",
        Principal: {
          AWS: "*"
        },
        Action: "es:*",
        Resource: "arn:aws:es:<dc>:<accountid>:domain/<domain-name/*"
      }]
    };

    const params = {
      DomainName: '<domain>',   /* required */
      AccessPolicies: JSON.stringify(accessPolicies),
      AdvancedOptions: {
        EBSEnabled: "true",
        VolumeType: "io1",
        VolumeSize: "100",
        Iops: "1000"
      },
      EBSOptions: {
        EBSEnabled: true,
        Iops: 1000,
        VolumeSize: 100,
        VolumeType: "io1"
      },
      ElasticsearchClusterConfig: {
        DedicatedMasterCount: 3,
        DedicatedMasterEnabled: true,
        DedicatedMasterType: "m4.large.elasticsearch",
        InstanceCount: 2,
        InstanceType: 'm4.xlarge.elasticsearch',
        ZoneAwarenessEnabled: true
      },
      ElasticsearchVersion: '5.5',
      SnapshotOptions: {
        AutomatedSnapshotStartHour: 3
      },
      VPCOptions: {
        SubnetIds: [
          '<redacted>',
          '<redacted>'
        ],
        SecurityGroupIds: [
          '<redacted>'
        ]
      }
    };

    const es = new AWS.ES();
    es.createElasticsearchDomain(params, function (err, data) {
      if (err) {
        console.log(err, err.stack); // an error occurred
      } else {
        console.log(JSON.stringify(data, null, 4)); // successful response
      }
    });

The problem is I get this error: ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC. I cannot seem to figure out how to create this service linked role for the elastic search service. In the aws.amazon.com IAM console I cannot select that service for a role. I believe it is supposed to be created automatically.

Has anybody run into this or know the way to fix it?

Michael Young asked Nov 10 '17 18:11



1 Answer

The service-linked role can be created using the AWS CLI.

    aws iam create-service-linked-role --aws-service-name es.amazonaws.com
Oscar Barrett answered Sep 28 '22 18:09
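
The same step can be done idempotently from a Node.js script before calling `createElasticsearchDomain`. This is an added example, not part of the original question or answer: it assumes an aws-sdk v2 `AWS.IAM` client passed in as `iam` and the role name `AWSServiceRoleForAmazonElasticsearchService`; the function name `ensureEsServiceLinkedRole` is hypothetical.

```javascript
// Added example, not code from the original post.
// `iam` is assumed to be an aws-sdk v2 client (new AWS.IAM()); it is passed in
// so the logic can also be exercised offline with a stub.
const ES_SERVICE = 'es.amazonaws.com';
// Name of the service-linked role that IAM creates for Amazon ES.
const ES_SLR_NAME = 'AWSServiceRoleForAmazonElasticsearchService';

// Ensure the role exists, then call callback(err, status),
// where status is 'exists' or 'created'.
function ensureEsServiceLinkedRole(iam, callback) {
  iam.getRole({ RoleName: ES_SLR_NAME }, function (err) {
    if (!err) {
      return callback(null, 'exists');
    }
    if (err.code !== 'NoSuchEntity') {
      // AccessDenied, throttling, etc.: surface the error instead of guessing.
      return callback(err);
    }
    iam.createServiceLinkedRole({ AWSServiceName: ES_SERVICE }, function (createErr) {
      if (!createErr) {
        return callback(null, 'created');
      }
      if (createErr.code !== 'InvalidInput') {
        return callback(createErr);
      }
      // InvalidInput can mean another caller created the role in the meantime.
      // Re-check rather than relying on the error message text.
      iam.getRole({ RoleName: ES_SLR_NAME }, function (recheckErr) {
        callback(recheckErr ? createErr : null, recheckErr ? undefined : 'exists');
      });
    });
  });
}

// Usage with the question's script (AWS, es and params as defined there):
// ensureEsServiceLinkedRole(new AWS.IAM(), function (err, status) {
//   if (err) { return console.log(err, err.stack); }
//   es.createElasticsearchDomain(params, function (err, data) { /* as before */ });
// });
```

The identity running this needs `iam:GetRole` and `iam:CreateServiceLinkedRole`; the latter can be restricted with the `iam:AWSServiceName` condition key set to `es.amazonaws.com` so it cannot create service-linked roles for other services.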