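[The following question has been translated.] I have set up OpenSearch Serverless collections in two of our non-production accounts and verified that our Python application running in ECS can call its API using opensearch-py.
Today I tried to replicate the same setup in our production account, but I could not connect to its endpoint using opensearch-py. I have double-checked that:
- The network access policy allows VPC access to the collection's endpoint through the VPC endpoint created in the application's VPC, and the Network Reachability Analyzer can find a network path from the running container's ENI to the VPC endpoint
- The data access policy allows the correct role to perform all operations on the collection and all indexes.
One odd thing I noticed is that the VPC endpoint I created has disappeared from the list of VPC endpoints in the OpenSearch Serverless console. It is not in the AWS CLI output either:
aws opensearchserverless list-vpc-endpoints
{
    "vpcEndpointSummaries": []
}
In our non-production accounts, the VPC endpoint is listed in the command output. I was able to find the VPC endpoint in the VPC console of the production account, so I tried to recreate it. After creating it, I could see it in the OpenSearch Serverless console, but later it disappeared again.
The collection is configured to allow public access to the dashboard, and I can log in using the link found in the OpenSearch Serverless console and run queries using the dev tools.
What could be the cause of the 401 error? What can I investigate further?
I tried to connect to the collection in production with the following Python code: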
>>> import os, boto3
>>> from opensearchpy import OpenSearch, RequestsHttpConnection, AWSV4SignerAuth
>>> host = REDACTED
>>> service, region = ('aoss', 'us-west-2')
>>> credentials = boto3.Session().get_credentials()
>>> auth = AWSV4SignerAuth(credentials, region, service)
>>> client = OpenSearch(
        hosts=[{'host': host, 'port': 443}],
        http_auth=auth,
        use_ssl=True,
        verify_certs=True,
        connection_class=RequestsHttpConnection,
        pool_maxsize=20,
    )
>>> q = "miller"
>>> query = {
        'size': 5,
        'query': {
            'multi_match': {
                'query': q,
                'fields': ['title^2', 'director']
            }
        }
    }
>>> client.search(query)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/site-packages/opensearchpy/client/utils.py", line 178, in _wrapped
    return func(*args, params=params, headers=headers, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/opensearchpy/client/__init__.py", line 1556, in search
    body=body,
  File "/usr/local/lib/python3.7/site-packages/opensearchpy/transport.py", line 408, in perform_request
    raise e
  File "/usr/local/lib/python3.7/site-packages/opensearchpy/transport.py", line 376, in perform_request
    timeout=timeout,
  File "/usr/local/lib/python3.7/site-packages/opensearchpy/connection/http_requests.py", line 222, in perform_request
    response.headers.get("Content-Type"),
  File "/usr/local/lib/python3.7/site-packages/opensearchpy/connection/base.py", line 302, in _raise_error
    status_code, error_message, additional_info
opensearchpy.exceptions.AuthenticationException: AuthenticationException(401, '')
maodag
asked 5 months ago, 993 views
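
The two policy checks listed in the question can be run against the policy documents themselves. The following is an added example, not part of the original post: the policies are constructed, the account, role, collection and endpoint values are placeholders, the function names are hypothetical, and matching an assumed-role session to a policy principal by account and role name is an assumption of this example.

```python
import fnmatch
import re

# Constructed sample documents in the OpenSearch Serverless policy layout.
# Account id, role, collection and endpoint id are placeholders.
NETWORK_POLICY = [{
    "Rules": [{"ResourceType": "collection", "Resource": ["collection/movies"]}],
    "AllowFromPublic": False,
    "SourceVPCEs": ["vpce-0aaaaaaaaaaaaaaaa"],
}]
DATA_POLICY = [{
    "Rules": [
        {"ResourceType": "collection", "Resource": ["collection/movies"],
         "Permission": ["aoss:*"]},
        {"ResourceType": "index", "Resource": ["index/movies/*"],
         "Permission": ["aoss:*"]},
    ],
    "Principal": ["arn:aws:iam::111122223333:role/app/search-task-role"],
}]

def _covers(rules, rtype, resource):
    # fnmatch approximates the "*" wildcard allowed in policy resources.
    return any(r.get("ResourceType") == rtype and
               any(fnmatch.fnmatchcase(resource, p) for p in r.get("Resource", []))
               for r in rules)

def vpce_allowed(network_policy, collection, vpce_id):
    """True if a statement covering the collection admits this VPC endpoint."""
    return any(_covers(s.get("Rules", []), "collection", f"collection/{collection}")
               and (s.get("AllowFromPublic") or vpce_id in s.get("SourceVPCEs", []))
               for s in network_policy)

def same_role(principal, caller_arn):
    """Compare a policy principal with the ARN from sts get-caller-identity.
    An ECS task reports arn:aws:sts::<acct>:assumed-role/<role>/<session>,
    which carries no role path, so match on account and role name only."""
    m = re.fullmatch(r"arn:([\w-]+):sts::(\d{12}):assumed-role/([^/]+)/[^/]+", caller_arn)
    if not m:
        return principal == caller_arn
    p = re.fullmatch(r"arn:([\w-]+):iam::(\d{12}):role/(?:.+/)?([^/]+)", principal)
    return bool(p) and p.groups() == m.groups()

def index_permissions(data_policy, caller_arn, collection, index):
    """Permissions the caller's role is granted on index/<collection>/<index>."""
    granted = set()
    for s in data_policy:
        if any(same_role(p, caller_arn) for p in s.get("Principal", [])):
            for r in s.get("Rules", []):
                if _covers([r], "index", f"index/{collection}/{index}"):
                    granted.update(r.get("Permission", []))
    return granted
```

The real documents can be fetched with `aws opensearchserverless get-security-policy --type network` and `get-access-policy --type data` (each with `--name`), and the caller ARN with `aws sts get-caller-identity` run inside the task.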