Fail to upload documents to aws cloudsearch using boto.cloudsearch2

Question

This is my code to try uploading documents to cloud search

from boto.cloudsearch2.layer2 import Layer2
conn_config = {
    'region': 'us-east-1',
    'aws_access_key_id': os.getenv('AWS_ACCESS'),
    'aws_secret_access_key': os.getenv('AWS_SECRET'),
    'debug': 2
}
conn = Layer2(**conn_config)
domain = conn.lookup(my_domain)
doc_service = domain.get_document_service()
doc_service.add(my_id, my_fields)
doc_service.commit()

This is the error I got:

Traceback (most recent call last):
line 32, in <module> doc.commit()
File "/Library/Python/2.7/site-packages/boto/cloudsearch2/document.py", line 205, in commit return CommitResponse(r, self, sdf)
File "/Library/Python/2.7/site-packages/boto/cloudsearch2/document.py", line 250, in      __init__
self.adds = self.content['adds']
KeyError: 'adds'

which is I believe is a misleading error. When I add this line to init() of /Library/Python/2.7/site-packages/boto/cloudsearch2/document.py

print self.content

the real problem seems to appears as:

{u'status': u'error', u'message': u'User: anonymous is not authorized to perform:    cloudsearch:document on resource: arn:aws:cloudsearch:us-east-1:053216739513:domain/dev-audit', u'errors': [{u'message': u'[*Deprecated*: Use the outer message field] User: anonymous is not authorized to perform: cloudsearch:document on resource: arn:aws:cloudsearch: ...'}], u'__type': u'#AccessDenied'}

Any insights on how to overcome this annoying permission error? I am able to search with given access id and secret key but just fail to upload !!!

@cocoa, if the answer below solves your problem, please accept it. Otherwise, indicate how it fails to solve it. — tedder42, Feb 19 '15 at 19:22

score 5 · Answer 1 · answered Oct 24 '14 at 15:36

CloudSearch allows you to configure separate access policies for querying vs doc submission. It sounds like maybe your doc submission policy is more restrictive than your query policy (which is a common setup).

You can leave doc submission wide open to test things and come up with an access policy later using the guide at http://docs.aws.amazon.com/cloudsearch/latest/developerguide/configuring-access.html.

Sample wide-open configuration:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "cloudsearch:*"
    }
  ]
}

Here's where to go in the AWS web console:

CloudSearch access policies

Fail to upload documents to aws cloudsearch using boto.cloudsearch2

1 Answers1