ES - 用Python给AWS ES注册S3快照仓库 - 《DevOps 学习笔记》

首先需要准备一个角色，授权访问对应的S3 bucket(bucket的创建就不说了)
角色权限(permissions)如下

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::YOUR-S3-BUCKET"
            ]
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::YOUR-S3-BUCKET/*"
            ]
        }
    ]
}

信任关系(Trust Relationship)如下

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Python代码如下

import boto3
import requests
from requests_aws4auth import AWS4Auth
region = 'us-east-1'
role_arn_for_snapshot = "YOUR-ROLE-ARN"
s3_bucket_name = "YOUR-S3-BUCKET"
host = 'https://YOUR.DOMAIN.es.amazonaws.com'
repo_name = 'MY-SNAPSHOT'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(
  credentials.access_key,
  credentials.secret_key,
  region,
  "es",
  session_token=credentials.token
)
payload = {
  "type": "s3",
  "settings": {
    "base_path": repo_name,
    "bucket": s3_bucket_name,
    "endpoint": "s3.amazonaws.com",
    "role_arn": role_arn_for_snapshot,
  }
}
# Register repository
r = requests.put(
  '/'.join((host.rstrip('/'), '_snapshot', repo_name)),
  auth=awsauth,
  json=payload,
  headers={"Content-Type": "application/json"}
)
print(r.status_code)
print(r.text)