Supervisión de Amazon Data Firehose mediante Registros de CloudWatch
Amazon Data Firehose se integra con Registros de Amazon CloudWatch para permitirle consultar los registros de los errores específicos que puedan presentarse al invocar Lambda para transformar o entregar los datos. Puede habilitar el registro de errores de Amazon Data Firehose al crear el flujo de Firehose.
Si habilita el registro de errores de Amazon Data Firehose en la consola de Amazon Data Firehose, se crean un grupo de registros y los flujos de registros correspondientes para el flujo de Firehose en su nombre. El formato del nombre del grupo de registros es /aws/kinesisfirehose/, donde delivery-stream-namedelivery-stream-nameDestinationDelivery es un flujo de registro que se crea y se utiliza para registrar cualquier error relacionado con la entrega en el destino principal. Otro flujo de registro denominado BackupDelivery se crea solo si la copia de seguridad de S3 está habilitada para el destino. El flujo de registro BackupDelivery se utiliza para registrar cualquier error relacionado con la entrega en la copia de seguridad de S3.
Por ejemplo, si crea un flujo de Firehose “MyStream” con Amazon Redshift como destino y habilita el registro de errores de Amazon Data Firehose, se crean los siguientes elementos en su nombre: un grupo de registros denominado aws/kinesisfirehose/MyStream y dos flujos de registros denominados DestinationDelivery y BackupDelivery. En este ejemplo, se utilizará DestinationDelivery para registrar cualquier error relacionado con la entrega en el destino de Amazon Redshift y también en el destino intermedio de S3. BackupDelivery, en caso de que la copia de seguridad de S3 esté habilitada, se utilizará para registrar cualquier error relacionado con la entrega en el bucket de copias de seguridad de S3.
Puede habilitar el registro de errores de Amazon Data Firehose a través de la AWS CLI, la API o CloudFormation mediante la configuración CloudWatchLoggingOptions. Para ello, cree previamente un grupo de registro y un flujo de registro. Le recomendamos destinar el grupo de registro y el flujo de registro exclusivamente al registro de errores de Amazon Data Firehose. Asegúrese también de que la política de IAM asociada tenga el permiso "logs:putLogEvents". Para obtener más información, consulte Control del acceso con Amazon Data Firehose.
Tenga en cuenta que Amazon Data Firehose no garantiza el envío de todos los registros de errores de entrega a Registros de CloudWatch. Si la tasa de errores de entrega es alta, Amazon Data Firehose toma muestras de los registros de errores de entrega antes de enviarlos a Registros de CloudWatch.
Se aplica un cargo nominal por los registros de errores enviados a Registros de CloudWatch. Para obtener más información, consulte Precios de Amazon CloudWatch
Contenido
Errores de entrega de datos
A continuación, se ofrece una lista de códigos y mensajes de error de entrega de datos según el destino de Amazon Data Firehose. Cada mensaje de error también describe qué debe hacerse para solucionar el problema.
Errores
Errores de entrega de datos de Amazon S3
Amazon Data Firehose puede enviar los siguientes errores relacionados con Amazon S3 a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
S3.KMS.NotFoundException |
"La clave de AWS KMS proporcionada no se ha encontrado. Si cree que la clave de AWS KMS que está utilizando es válida y que su rol es el adecuado, compruebe si hay un problema con la cuenta a la que está vinculada la clave de AWS KMS." |
S3.KMS.RequestLimitExceeded |
"El límite de solicitudes de KMS por segundo se ha superado al intentar cifrar objetos de S3. Aumente el límite de solicitudes por segundo." Para obtener más información, consulte Límites en la Guía para desarrolladores de AWS Key Management Service. |
S3.AccessDenied |
"Acceso denegado. Asegúrese de que la política de confianza del rol de IAM proporcionado permita que Amazon Data Firehose asuma el rol y que la política de acceso permita el acceso al bucket de S3.” |
S3.AccountProblem |
“There is a problem with your AWS account that prevents the operation from completing successfully. Contact AWS Support.” |
S3.AllAccessDisabled |
"El acceso a la cuenta proporcionada se ha deshabilitado. Contact AWS Support.” |
S3.InvalidPayer |
"El acceso a la cuenta proporcionada se ha deshabilitado. Contact AWS Support.” |
S3.NotSignedUp |
“The account is not signed up for Amazon S3. Inscríbase o utilice otra cuenta." |
S3.NoSuchBucket |
"El bucket especificado no existe. Créelo o utilice otro que exista." |
S3.MethodNotAllowed |
"Este recurso no admite el método especificado. Modify the bucket’s policy to allow the correct Amazon S3 operation permissions.” |
InternalError |
"Se ha producido un error interno al intentar entregar los datos. Delivery will be retried; if the error persists, then it will be reported to AWS for resolution.” |
S3.KMS.KeyDisabled |
“The provided KMS key is disabled. Enable the key or use a different key.” |
S3.KMS.InvalidStateException |
“The provided KMS key is in an invalid state. Please use a different key.” |
KMS.InvalidStateException |
“The provided KMS key is in an invalid state. Please use a different key.” |
KMS.DisabledException |
“The provided KMS key is disabled. Please fix the key or use a different key.” |
S3.SlowDown |
“The rate of put request to the specified bucket was too high. Increase Firehose stream buffer size or reduce put requests from other applications.” |
S3.SubscriptionRequired |
“Access was denied when calling S3. Ensure that the IAM role and the KMS Key (if provided) passed in has Amazon S3 subscription.” |
S3.InvalidToken |
“The provided token is malformed or otherwise invalid. Please check the credentials provided.” |
S3.KMS.KeyNotConfigured |
“KMS key not configured. Configure your KMSMasterKeyID, or disable encryption for your S3 bucket.” |
S3.KMS.AsymmetricCMKNotSupported |
“Amazon S3 supports only symmetric CMKs. You cannot use an asymmetric CMK to encrypt your data in Amazon S3. To get the type of your CMK, use the KMS DescribeKey operation.” |
S3.IllegalLocationConstraintException |
“Firehose currently uses s3 global endpoint for data delivery to the configured s3 bucket. The region of the configured s3 bucket doesn't support s3 global endpoint. Please create a Firehose stream in the same region as the s3 bucket or use s3 bucket in the region that supports global endpoint.” |
S3.InvalidPrefixConfigurationException |
“The custom s3 prefix used for the timestamp evaluation is invalid. Check your s3 prefix contains valid expressions for the current date and time of the year.” |
DataFormatConversion.MalformedData |
“Illegal character found between tokens.” |
Errores de entrega de datos de tablas de Apache Iceberg
Para ver los errores de entrega de datos de tablas de Apache Iceberg, consulte Entrega de datos a tablas de Apache Iceberg con Amazon Data Firehose.
Errores de entrega de datos de Amazon Redshift
Amazon Data Firehose puede enviar los siguientes errores relacionados con Amazon Redshift a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
Redshift.TableNotFound |
"La tabla a la que cargar datos no se ha encontrado. Asegúrese de que la tabla especificada exista." The destination table in Amazon Redshift to which data should be copied from S3 was not found. Tenga en cuenta que Amazon Data Firehose no crea la tabla de Amazon Redshift si no existe. |
Redshift.SyntaxError |
"El comando COPY contiene un error de sintaxis. Reintente el comando." |
Redshift.AuthenticationFailed |
"Error de autenticación del nombre de usuario y la contraseña. Proporcione un nombre de usuario y contraseña válidos." |
Redshift.AccessDenied |
"Acceso denegado. Asegúrese de que la política de confianza para el rol de IAM proporcionado permita que Amazon Data Firehose asuma el rol.” |
Redshift.S3BucketAccessDenied |
"El comando COPY no ha podido obtener acceso al bucket de S3. Ensure that the access policy for the provided IAM role allows access to the S3 bucket.” |
Redshift.DataLoadFailed |
"Se ha producido un error al cargar los datos en la tabla. Revise la tabla de sistema STL_LOAD_ERRORS para obtener más información." |
Redshift.ColumnNotFound |
"Una columna del comando COPY no existe en la tabla. Especifique un nombre de columna válido." |
Redshift.DatabaseNotFound |
“The database specified in the Amazon Redshift destination configuration or JDBC URL was not found. Especifique un nombre de base de datos válido." |
Redshift.IncorrectCopyOptions |
"Se han proporcionado opciones de COPY redundantes o en conflicto. Algunas opciones no son compatibles en determinadas combinaciones. Consulte la referencia de comandos COPY para obtener más información." Para obtener más información, consulte Comando COPY de Amazon Redshift en la Guía para desarrolladores de bases de datos de Amazon Redshift. |
Redshift.MissingColumn |
"El esquema de la tabla incluye una columna definida como NO NULL sin un valor DEFAULT, pero que no se encuentra en la lista de columnas. Exclude this column, ensure that the loaded data always provides a value for this column, or add a default value to the Amazon Redshift schema for this table.” |
Redshift.ConnectionFailed |
“The connection to the specified Amazon Redshift cluster failed. Ensure that security settings allow Amazon Data Firehose connections, that the cluster or database specified in the Amazon Redshift destination configuration or JDBC URL is correct, and that the cluster is available.” |
Redshift.ColumnMismatch |
"La cantidad de jsonpath del comando COPY y la cantidad de columnas de la tabla de destino deben coincidir. Reintente el comando." |
Redshift.IncorrectOrMissingRegion |
“Amazon Redshift attempted to use the wrong region endpoint for accessing the S3 bucket. Either specify a correct region value in the COPY command options or ensure that the S3 bucket is in the same region as the Amazon Redshift database.” |
Redshift.IncorrectJsonPathsFile |
"El formato del archivo jsonpath proporcionado no es un formato JSON compatible. Reintente el comando." |
Redshift.MissingS3File |
“One or more S3 files required by Amazon Redshift have been removed from the S3 bucket. Revise las políticas del bucket de S3 para borrar cualquier eliminación automática de archivos de S3." |
Redshift.InsufficientPrivilege |
"El usuario no tiene permisos para cargar datos en la tabla. Check the Amazon Redshift user permissions for the INSERT privilege.” |
Redshift.ReadOnlyCluster |
"La consulta no se puede ejecutar porque el sistema está en modo de cambio de tamaño. Intente ejecutar la consulta de nuevo más tarde." |
Redshift.DiskFull |
"No se han podido cargar los datos ya que el disco está lleno. Increase the capacity of the Amazon Redshift cluster or delete unused data to free disk space.” |
InternalError |
"Se ha producido un error interno al intentar entregar los datos. Delivery will be retried; if the error persists, then it will be reported to AWS for resolution.” |
Redshift.ArgumentNotSupported |
“The COPY command contains unsupported options.” |
Redshift.AnalyzeTableAccessDenied |
“Access denied. Copy from S3 to Redshift is failing because analyze table can only be done by table or database owner.” |
Redshift.SchemaNotFound |
“The schema specified in the DataTableName of Amazon Redshift destination configuration was not found. Specify a valid schema name.” |
Redshift.ColumnSpecifiedMoreThanOnce |
“There is a column specified more than once in the column list. Ensure that duplicate columns are removed.” |
Redshift.ColumnNotNullWithoutDefault |
“There is a non-null column without DEFAULT that is not included in the column list. Ensure that such columns are included in the column list.” |
Redshift.IncorrectBucketRegion |
“Redshift attempted to use a bucket in a different region from the cluster. Please specify a bucket within the same region as the cluster.” |
Redshift.S3SlowDown |
“High request rate to S3. Reduce the rate to avoid getting throttled.” |
Redshift.InvalidCopyOptionForJson |
“Please use either auto or a valid S3 path for json copyOption.” |
Redshift.InvalidCopyOptionJSONPathFormat |
“COPY failed with error \"Invalid JSONPath format. Array index is out of range.\” Please rectify the JSONPath expression.” |
Redshift.InvalidCopyOptionRBACAclNotAllowed |
“COPY failed with error \"Cannot use RBAC acl framework while permission propagation is not enabled.\” |
Redshift.DiskSpaceQuotaExceeded |
“Transaction aborted due to disk space quota exceed. Free up disk space or request increased quota for the schema(s).” |
Redshift.ConnectionsLimitExceeded |
“Connection limit exceeded for user.” |
Redshift.SslNotSupported |
“The connection to the specified Amazon Redshift cluster failed because the server does not support SSL. Please check your cluster settings.” |
Redshift.HoseNotFound |
“The hose has been deleted. Please check the status of your hose.” |
Redshift.Delimiter |
“The copyOptions delimiter in the copyCommand is invalid. Ensure that it is a single character.” |
Redshift.QueryCancelled |
“The user has canceled the COPY operation.” |
Redshift.CompressionMismatch |
“Hose is configured with UNCOMPRESSED, but copyOption includes a compression format.” |
Redshift.EncryptionCredentials |
“The ENCRYPTED option requires credentials in the format: 'aws_iam_role=...;master_symmetric_key=...' or 'aws_access_key_id=...;aws_secret_access_key=...[;token=...];master_symmetric_key=...'.” |
Redshift.InvalidCopyOptions |
“Invalid COPY configuration options.” |
Redshift.InvalidMessageFormat |
“Copy command contains an invalid character.” |
Redshift.TransactionIdLimitReached |
“Transaction ID limit reached.” |
Redshift.DestinationRemoved |
“Please verify that the redshift destination exists and is configured correctly in the Firehose configuration.” |
Redshift.OutOfMemory |
“The Redshift cluster is running out of memory. Please ensure the cluster has sufficient capacity.” |
Redshift.CannotForkProcess |
“The Redshift cluster is running out of memory. Please ensure the cluster has sufficient capacity.” |
Redshift.SslFailure |
“The SSL connection closed during the handshake.” |
Redshift.Resize |
“The Redshift cluster is resizing. Firehose will not be able to deliver data while the cluster is resizing.” |
Redshift.ImproperQualifiedName |
“The qualified name is improper (too many dotted names).” |
Redshift.InvalidJsonPathFormat |
“Invalid JSONPath Format.” |
Redshift.TooManyConnectionsException |
“Too many connections to Redshift.” |
Redshift.PSQLException |
“PSQlException observed from Redshift.” |
Redshift.DuplicateSecondsSpecification |
“Duplicate seconds specification in date/time format.” |
Redshift.RelationCouldNotBeOpened |
“Encountered Redshift error, relation could not be opened. Check Redshift logs for the specified DB.” |
Redshift.TooManyClients |
“Encountered too many clients exception from Redshift. Revisit max connections to the database if there are multiple producers writing to it simultaneously.” |
Errores de entrega de datos de Snowflake
Firehose puede enviar los siguientes errores relacionados con Snowflake a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
Snowflake.InvalidUrl |
“Firehose no se puede conectar a Snowflake. Asegúrese de que la URL de la cuenta esté especificada correctamente en la configuración de destino de Snowflake.” |
Snowflake.InvalidUser |
“Firehose no se puede conectar a Snowflake. Asegúrese de que el usuario esté especificado correctamente en la configuración de destino de Snowflake.” |
Snowflake.InvalidRole |
“El rol de snowflake especificado no existe o no está autorizado. Asegúrese de que el rol esté asignado al usuario especificado” |
Snowflake.InvalidTable |
“La tabla proporcionada no existe o no está autorizada” |
Snowflake.InvalidSchema |
“El esquema proporcionado no existe o no está autorizado” |
Snowflake.InvalidDatabase |
“La base de datos proporcionada no existe o no está autorizada” |
Snowflake.InvalidPrivateKeyOrPassphrase |
“La clave privada o la frase de contraseña especificada no es válida. Tenga en cuenta que la clave privada proporcionada debe ser una clave privada PEM RSA válida” |
Snowflake.MissingColumns |
“La solicitud de inserción se rechaza porque faltan columnas en la carga útil de entrada. Asegúrese de que los valores estén especificados para todas las columnas que no admiten valores NULL” |
Snowflake.ExtraColumns |
“La solicitud de inserción se rechaza debido a que hay columnas adicionales. No se deben especificar las columnas que no estén presentes en la tabla” |
Snowflake.InvalidInput |
“Ocurrió un error en la entrega debido a un formato de entrada no válido. Asegúrese de que la carga útil de entrada proporcionada esté en el formato JSON aceptable” |
Snowflake.IncorrectValue |
“La entrega ha fallado debido a un tipo de datos incorrecto en la carga útil de entrada. Asegúrese de que los valores JSON especificados en la carga útil de entrada se ajusten al tipo de datos declarado en la definición de la tabla de Snowflake” |
Errores de entrega de datos de Splunk
Amazon Data Firehose puede enviar los siguientes errores relacionados con Splunk a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
Splunk.ProxyWithoutStickySessions |
“Si tiene un proxy (ELB u otro) entre Amazon Data Firehose y el nodo de HEC, debe habilitar las sesiones persistentes para que sea compatible con los ACK de HEC.” |
Splunk.DisabledToken |
"El token de HEC está deshabilitado. Habilite el token para permitir la entrega de datos a Splunk.". |
Splunk.InvalidToken |
"El token de HEC no es válido. Actualice Amazon Data Firehose con un token de HEC válido”. |
Splunk.InvalidDataFormat |
"Los datos no están en el formato correcto. Para ver cómo dar a los datos el formato correcto para puntos de enlace de HEC de eventos o sin procesar, consulte Splunk Event Data |
Splunk.InvalidIndex |
"El token o la entrada de HEC están configurados con un índice no válido. Compruebe la configuración del índice e inténtelo de nuevo.". |
Splunk.ServerError |
“Data delivery to Splunk failed due to a server error from the HEC node. Amazon Data Firehose volverá a intentar enviar los datos si la duración del reintento en su Amazon Data Firehose es superior a 0. If all the retries fail, Amazon Data Firehose backs up the data to Amazon S3.” |
Splunk.DisabledAck |
"El reconocimiento de indexadores está deshabilitado en el token de HEC. Habilite el reconocimiento de indexadores e inténtelo de nuevo. Para obtener más información, consulte Enable indexer acknowledgement |
Splunk.AckTimeout |
"No recibió ningún reconocimiento de parte del HEC antes de que el tiempo de espera de reconocimiento del HEC se agotara. Despite the acknowledgement timeout, it's possible the data was indexed successfully in Splunk. Amazon Data Firehose backs up in Amazon S3 data for which the acknowledgement timeout expired.” |
Splunk.MaxRetriesFailed |
"Error al entregar datos a Splunk o al recibir confirmación. Compruebe el estado del HEC y vuelva a intentarlo.". |
Splunk.ConnectionTimeout |
"Se ha agotado el tiempo de espera de conexión a Splunk. This might be a transient error and the request will be retried. Amazon Data Firehose backs up the data to Amazon S3 if all retries fail.” |
Splunk.InvalidEndpoint |
"No se ha podido establecer una conexión con el punto de enlace del HEC. Asegúrese de que la URL del punto de conexión HEC es válido y Amazon Data Firehose puede llegar a ella.” |
Splunk.ConnectionClosed |
"No se pueden enviar datos a Splunk debido a un error de conexión. Posiblemente sea un error temporal. Si aumenta la duración de demora en la configuración de Amazon Data Firehose, se pueden prevenir estos errores temporales.” |
Splunk.SSLUnverified |
"No se ha podido establecer una conexión con el punto de enlace del HEC. El host no coincide con el certificado proporcionadas por el homólogo. Asegúrese de que el certificado y el host son válidos." |
Splunk.SSLHandshake |
"No se ha podido establecer una conexión con el punto de enlace del HEC. Asegúrese de que el certificado y el host son válidos." |
Splunk.URLNotFound |
“The requested URL was not found on the Splunk server. Please check the Splunk cluster and make sure it is configured correctly.” |
Splunk.ServerError.ContentTooLarge |
“Data delivery to Splunk failed due to a server error with a statusCode: 413, message: the request your client sent was too large. See splunk docs to configure max_content_length.” |
Splunk.IndexerBusy |
“Data delivery to Splunk failed due to a server error from the HEC node. Make sure HEC endpoint or the Elastic Load Balancer is reachable and is healthy.” |
Splunk.ConnectionRecycled |
“The connection from Firehose to Splunk has been recycled. Delivery will be retried.” |
Splunk.AcknowledgementsDisabled |
“Could not get acknowledgements on POST. Make sure that acknowledgements are enabled on HEC endpoint.” |
Splunk.InvalidHecResponseCharacter |
“Invalid characters found in HEC response, make sure to check to the service and HEC configuration.” |
Errores de entrega de datos de ElasticSearch
Amazon Data Firehose puede enviar los siguientes errores relacionados con ElasticSearch a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
ES.AccessDenied |
"Acceso denegado. Ensure that the provided IAM role associated with firehose is not deleted.” |
ES.ResourceNotFound |
“The specified AWS Elasticsearch domain does not exist.” |
Errores de entrega de datos de puntos de conexión HTTPS
Amazon Data Firehose puede enviar los siguientes errores relacionados con los puntos de conexión HTTP a Registros de CloudWatch. Si ninguno de estos errores coincide con el problema que experimenta, el error predeterminado es el siguiente: “An internal error occurred while attempting to deliver data. Delivery will be retried; if the error persists, then it will be reported to AWS for resolution.”
| Código de error | Mensaje de error e información |
|---|---|
HttpEndpoint.RequestTimeout |
Se agotó el tiempo de espera de la entrega antes de recibir una respuesta y se volverá a intentar. Si el error persiste, póngase en contacto con el equipo del servicio Firehose de AWS. |
HttpEndpoint.ResponseTooLarge |
“The response received from the endpoint is too large. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.InvalidResponseFromDestination |
“The response received from the specified endpoint is invalid. Contact the owner of the endpoint to resolve the issue.” |
HttpEndpoint.DestinationException |
“The following response was received from the endpoint destination.” |
HttpEndpoint.ConnectionFailed |
“Unable to connect to the destination endpoint. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.ConnectionReset |
“Unable to maintain connection with the endpoint. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.ConnectionReset |
“Trouble maintaining connection with the endpoint. Please reach out to the owner of the endpoint.” |
HttpEndpoint.ResponseReasonPhraseExceededLimit |
“The response reason phrase received from the endpoint exceed the configured limit of 64 characters.” |
HttpEndpoint.InvalidResponseFromDestination |
“The response received from the endpoint is invalid. See Troubleshooting HTTP Endpoints in the Firehose documentation for more information. Reason: .” |
HttpEndpoint.DestinationException |
“Delivery to the endpoint was unsuccessful. See Troubleshooting HTTP Endpoints in the Firehose documentation for more information. Response received with status code .” |
HttpEndpoint.InvalidStatusCode |
“Received an invalid response status code.” |
HttpEndpoint.SSLHandshakeFailure |
“Unable to complete an SSL Handshake with the endpoint. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.SSLHandshakeFailure |
“Unable to complete an SSL Handshake with the endpoint. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.SSLFailure |
“Unable to complete TLS handshake with the endpoint. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.SSLHandshakeCertificatePathFailure |
“Unable to complete an SSL Handshake with the endpoint due to invalid certification path. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.SSLHandshakeCertificatePathValidationFailure |
“Unable to complete an SSL Handshake with the endpoint due to certification path validation failure. Contact the owner of the endpoint to resolve this issue.” |
HttpEndpoint.MakeRequestFailure.IllegalUriException |
“HttpEndpoint request failed due to invalid input in URI. Please make sure all the characters in the input URI are valid.” |
HttpEndpoint.MakeRequestFailure.IllegalCharacterInHeaderValue |
“HttpEndpoint request failed due to illegal response error. Illegal character '\n' in header value.” |
HttpEndpoint.IllegalResponseFailure |
“HttpEndpoint request failed due to illegal response error. HTTP message must not contain more than one Content-Type header.” |
HttpEndpoint.IllegalMessageStart |
“HttpEndpoint request failed due to illegal response error. Illegal HTTP message start. See Troubleshooting HTTP Endpoints in the Firehose documentation for more information.” |
Errores de entrega de datos de Amazon OpenSearch Service
En el caso del destino OpenSearch Service, Amazon Data Firehose envía los errores a Registros de CloudWatch a medida que OpenSearch Service los devuelve.
Además de los errores que pueden provenir de los clústeres de OpenSearch, es posible que se produzcan los dos errores siguientes:
-
Se produce un error de autenticación o autorización al intentar entregar los datos en el clúster de OpenSearch Service de destino. Esto puede ocurrir debido a problemas de permisos o de forma intermitente cuando se modifica la configuración del dominio de OpenSearch Service de destino de Amazon Data Firehose. Compruebe la política del clúster y los permisos del rol.
-
No se pudieron entregar los datos en el clúster de OpenSearch Service de destino debido a errores de autenticación o autorización. Esto puede ocurrir debido a problemas de permisos o de forma intermitente cuando se modifica la configuración del dominio de OpenSearch Service de destino de Amazon Data Firehose. Compruebe la política del clúster y los permisos del rol.
| Código de error | Mensaje de error e información |
|---|---|
OS.AccessDenied |
"Acceso denegado. Ensure that the trust policy for the provided IAM role allows Firehose to assume the role, and the access policy allows access to the Amazon OpenSearch Service API.” |
OS.AccessDenied |
"Acceso denegado. Ensure that the trust policy for the provided IAM role allows Firehose to assume the role, and the access policy allows access to the Amazon OpenSearch Service API.” |
OS.AccessDenied |
"Acceso denegado. Ensure that the provided IAM role associated with firehose is not deleted.” |
OS.AccessDenied |
"Acceso denegado. Ensure that the provided IAM role associated with firehose is not deleted.” |
OS.ResourceNotFound |
“The specified Amazon OpenSearch Service domain does not exist.” |
OS.ResourceNotFound |
“The specified Amazon OpenSearch Service domain does not exist.” |
OS.AccessDenied |
"Acceso denegado. Ensure that the trust policy for the provided IAM role allows Firehose to assume the role, and the access policy allows access to the Amazon OpenSearch Service API.” |
OS.RequestTimeout |
“Request to the Amazon OpenSearch Service cluster or OpenSearch Serverless collection timed out. Ensure that the cluster or collection has sufficient capacity for the current workload.” |
OS.ClusterError |
“The Amazon OpenSearch Service cluster returned an unspecified error.” |
OS.RequestTimeout |
“Request to the Amazon OpenSearch Service cluster timed out. Ensure that the cluster has sufficient capacity for the current workload.” |
OS.ConnectionFailed |
“Trouble connecting to the Amazon OpenSearch Service cluster or OpenSearch Serverless collection. Ensure that the cluster or collection is healthy and reachable.” |
OS.ConnectionReset |
“Unable to maintain connection with the Amazon OpenSearch Service cluster or OpenSearch Serverless collection. Contact the owner of the cluster or collection to resolve this issue.” |
OS.ConnectionReset |
“Trouble maintaining connection with the Amazon OpenSearch Service cluster or OpenSearch Serverless collection. Ensure that the cluster or collection is healthy and has sufficient capacity for the current workload.” |
OS.ConnectionReset |
“Trouble maintaining connection with the Amazon OpenSearch Service cluster or OpenSearch Serverless collection. Ensure that the cluster or collection is healthy and has sufficient capacity for the current workload.” |
OS.AccessDenied |
"Acceso denegado. Ensure that the access policy on the Amazon OpenSearch Service cluster grants access to the configured IAM role.” |
OS.ValidationException |
“The OpenSearch cluster returned a ESServiceException. One of the reasons is that the cluster has been upgraded to OS 2.x or higher, but the hose still has the TypeName parameter configured. Update the hose configuration by setting the TypeName to an empty string, or change the endpoint to the cluster, that supports the Type parameter.” |
OS.ValidationException |
“Member must satisfy regular expression pattern: [a-z][a-z0-9\\-]+.” |
OS.JsonParseException |
“The Amazon OpenSearch Service cluster returned a JsonParseException. Ensure that the data being put is valid.” |
OS.AmazonOpenSearchServiceParseException |
“The Amazon OpenSearch Service cluster returned an AmazonOpenSearchServiceParseException. Ensure that the data being put is valid.” |
OS.ExplicitIndexInBulkNotAllowed |
“Ensure rest.action.multi.allow_explicit_index is set to true on the Amazon OpenSearch Service cluster.” |
OS.ClusterError |
“The Amazon OpenSearch Service cluster or OpenSearch Serverless collection returned an unspecified error.” |
OS.ClusterBlockException |
“The cluster returned a ClusterBlockException. It may be overloaded.” |
OS.InvalidARN |
“The Amazon OpenSearch Service ARN provided is invalid. Please check your DeliveryStream configuration.” |
OS.MalformedData |
“One or more records are malformed. Please ensure that each record is single valid JSON object and that it does not contain newlines.” |
OS.InternalError |
“An internal error occurred when attempting to deliver data. Delivery will be retried; if the error persists, it will be reported to AWS for resolution.” |
OS.AliasWithMultipleIndicesNotAllowed |
“Alias has more than one indices associated with it. Ensure that the alias has only one index associated with it.” |
OS.UnsupportedVersion |
“Amazon OpenSearch Service 6.0 is not currently supported by Amazon Data Firehose. Contact AWS Support for more information.” |
OS.CharConversionException |
“One or more records contained an invalid character.” |
OS.InvalidDomainNameLength |
“The domain name length is not within valid OS limits.” |
OS.VPCDomainNotSupported |
“Amazon OpenSearch Service domains within VPCs are currently not supported.” |
OS.ConnectionError |
“The http server closed the connection unexpectedly, please verify the health of the Amazon OpenSearch Service cluster or OpenSearch Serverless collection.” |
OS.LargeFieldData |
“The Amazon OpenSearch Service cluster aborted the request as it contained a field data larger than allowed.” |
OS.BadGateway |
“The Amazon OpenSearch Service cluster or OpenSearch Serverless collection aborted the request with a response: 502 Bad Gateway.” |
OS.ServiceException |
“Error received from the Amazon OpenSearch Service cluster or OpenSearch Serverless collection. If the cluster or collection is behind a VPC, ensure network configuration allows connectivity.” |
OS.GatewayTimeout |
“Firehose encountered timeout errors when connecting to the Amazon OpenSearch Service cluster or OpenSearch Serverless collection.” |
OS.MalformedData |
“Amazon Data Firehose does not support Amazon OpenSearch Service Bulk API commands inside the Firehose record.” |
OS.ResponseEntryCountMismatch |
“The response from the Bulk API contained more entries than the number of records sent. Ensure that each record contains only one JSON object and that there are no newlines.” |
Errores de invocación de Lambda
Amazon Data Firehose puede enviar los siguientes errores de invocación de Lambda a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
Lambda.AssumeRoleAccessDenied |
"Acceso denegado. Asegúrese de que la política de confianza para el rol de IAM proporcionado permita que Amazon Data Firehose asuma el rol.” |
Lambda.InvokeAccessDenied |
"Acceso denegado. Ensure that the access policy allows access to the Lambda function.” |
Lambda.JsonProcessingException |
“There was an error parsing returned records from the Lambda function. Ensure that the returned records follow the status model required by Amazon Data Firehose.” Para obtener más información, consulte Parámetros necesarios para la transformación de datos. |
Lambda.InvokeLimitExceeded |
“The Lambda concurrent execution limit is exceeded. Aumente el límite de ejecución simultánea." Para obtener más información, consulte Límites de AWS Lambda en la Guía para desarrolladores de AWS Lambda. |
Lambda.DuplicatedRecordId |
"Se han devuelto varios registros con el mismo ID de registro. Ensure that the Lambda function returns unique record IDs for each record.” Para obtener más información, consulte Parámetros necesarios para la transformación de datos. |
Lambda.MissingRecordId |
"Uno o varios ID de registro no se devolverán. Ensure that the Lambda function returns all received record IDs.” Para obtener más información, consulte Parámetros necesarios para la transformación de datos. |
Lambda.ResourceNotFound |
“The specified Lambda function does not exist. Use otra función que exista." |
Lambda.InvalidSubnetIDException |
“The specified subnet ID in the Lambda function VPC configuration is invalid. Asegúrese de que el ID de subred sea válido." |
Lambda.InvalidSecurityGroupIDException |
“The specified security group ID in the Lambda function VPC configuration is invalid. Asegúrese de que el ID del grupo de seguridad sea válido." |
Lambda.SubnetIPAddressLimitReachedException |
“AWS Lambda was not able to set up the VPC access for the Lambda function because one or more configured subnets have no available IP addresses. Aumente el límite de direcciones IP." Para obtener más información, consulte Límites de Amazon VPC: VPC y subredes en la Guía del usuario de Amazon VPC. |
Lambda.ENILimitReachedException |
“AWS Lambda was not able to create an Elastic Network Interface (ENI) in the VPC, specified as part of the Lambda function configuration, because the limit for network interfaces has been reached. Aumente el límite de interfaces de red." Para obtener más información, consulte Límites de Amazon VPC: interfaces de red en la Guía del usuario de Amazon VPC. |
|
|
Se agotó el tiempo de espera de la función de Lambda. Aumente la configuración de tiempo de espera en la función de Lambda. Para obtener más información, consulte Configuración del tiempo de espera de la función. |
|
|
Puede deberse a uno de los siguientes errores:
|
|
|
Amazon Data Firehose detectó que la solicitud no se completó antes del error de configuración del tiempo de espera de la solicitud al invocar Lambda. Revise el código de Lambda para comprobar si está previsto que se ejecute más allá del tiempo de espera configurado. Si es así, considere la posibilidad de ajustar la configuración de Lambda, incluida la memoria y el tiempo de espera. Para obtener más información, consulte Configuración de las opciones de las funciones de Lambda. |
|
|
Amazon Data Firehose detectó un error. El servidor de destino no respondió al error al llamar al servicio AWS Lambda. |
|
|
Amazon Data Firehose detectó una InvalidZipFileException al invocar la función de Lambda. Compruebe la configuración de la función de Lambda y el archivo zip de código de Lambda. |
|
|
“Amazon Data Firehose detectó un InternalServerError al llamar al servicio de AWS Lambda. Amazon Data Firehose volverá a intentar enviar los datos un número fijo de veces. Puede especificar o anular las opciones de reintento con las API |
|
|
Amazon Data Firehose detectó una ServiceUnavailableException al llamar al servicio de AWS Lambda. Amazon Data Firehose volverá a intentar enviar los datos un número fijo de veces. Puede especificar o anular las opciones de reintento con las API |
|
|
No se puede invocar la función de Lambda debido a que el token de seguridad no es válido. No se admite la invocación de Lambda entre particiones. |
Lambda.InvocationFailure
|
Puede deberse a uno de los siguientes errores:
|
|
|
Se ha producido un error al analizar los registros devueltos de la función de Lambda. Asegúrese de que el campo de datos esté codificado en base64. |
Errores de invocación de Kinesis
Amazon Data Firehose puede enviar los siguientes errores de invocación a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
Kinesis.AccessDenied |
“Access was denied when calling Kinesis. Ensure the access policy on the IAM role used allows access to the appropriate Kinesis APIs.” |
Kinesis.ResourceNotFound |
“Firehose failed to read from the stream. If the Firehose is attached with Kinesis Stream, the stream may not exist, or the shard may have been merged or split. If the Firehose is of DirectPut type, the Firehose may not exist any more.” |
Kinesis.SubscriptionRequired |
“Access was denied when calling Kinesis. Ensure that the IAM role passed for Kinesis stream access has AWS Kinesis subscription.” |
Kinesis.Throttling |
“Throttling error encountered when calling Kinesis. This can be due to other applications calling the same APIs as the Firehose stream, or because you have created too many Firehose streams with the same Kinesis stream as the source.” |
Kinesis.Throttling |
“Throttling error encountered when calling Kinesis. This can be due to other applications calling the same APIs as the Firehose stream, or because you have created too many Firehose streams with the same Kinesis stream as the source.” |
Kinesis.AccessDenied |
“Access was denied when calling Kinesis. Ensure the access policy on the IAM role used allows access to the appropriate Kinesis APIs.” |
Kinesis.AccessDenied |
“Access was denied while trying to call API operations on the underlying Kinesis Stream. Ensure that the IAM role is propagated and valid.” |
Kinesis.KMS.AccessDeniedException |
“Firehose does not have access to the KMS Key used to encrypt/decrypt the Kinesis Stream. Please grant the Firehose delivery role access to the key.” |
Kinesis.KMS.KeyDisabled |
“Firehose is unable to read from the source Kinesis Stream because the KMS key used to encrypt/decrypt it is disabled. Enable the key so that reads can proceed.” |
Kinesis.KMS.InvalidStateException |
“Firehose is unable to read from the source Kinesis Stream because the KMS key used to encrypt it is in an invalid state.” |
Kinesis.KMS.NotFoundException |
“Firehose is unable to read from the source Kinesis Stream because the KMS key used to encrypt it was not found.” |
Errores de invocación de DirectPut de Kinesis
Amazon Data Firehose puede enviar los siguientes errores de invocación de DirectPut de Kinesis a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
Firehose.KMS.AccessDeniedException |
“Firehose does not have access to the KMS Key. Please check the key policy.” |
Firehose.KMS.InvalidStateException |
“Firehose is unable to decrypt the data because the KMS key used to encrypt it is in an invalid state.” |
Firehose.KMS.NotFoundException |
“Firehose is unable to decrypt the data because the KMS key used to encrypt it was not found.” |
Firehose.KMS.KeyDisabled |
“Firehose is unable to decrypt the data because the KMS key used to encrypt the data is disabled. Enable the key so that data delivery can proceed.” |
Errores de invocación de AWS Glue
Amazon Data Firehose puede enviar los siguientes errores de invocación de AWS Glue a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
DataFormatConversion.InvalidSchema |
“The schema is invalid.” |
DataFormatConversion.EntityNotFound |
“The specified table/database could not be found. Please ensure that the table/database exists and that the values provided in the schema configuration are correct, especially with regards to casing.” |
DataFormatConversion.InvalidInput |
“Could not find a matching schema from glue. Please make sure the specified database with the supplied catalog ID exists.” |
DataFormatConversion.InvalidInput |
“Could not find a matching schema from glue. Please make sure the passed ARN is in the correct format.” |
DataFormatConversion.InvalidInput |
“Could not find a matching schema from glue. Please make sure the catalogId provided is valid.” |
DataFormatConversion.InvalidVersionId |
“Could not find a matching schema from glue. Please make sure the specified version of the table exists.” |
DataFormatConversion.NonExistentColumns |
“Could not find a matching schema from glue. Please make sure the table is configured with a non-null storage descriptor containing the target columns.” |
DataFormatConversion.AccessDenied |
“Access was denied when assuming role. Please ensure that the role specified in the data format conversion configuration has granted the Firehose service permission to assume it.” |
DataFormatConversion.ThrottledByGlue |
“Throttling error encountered when calling Glue. Either increase the request rate limit or reduce the current rate of calling glue through other applications.” |
DataFormatConversion.AccessDenied |
“Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions.” |
DataFormatConversion.InvalidGlueRole |
“Invalid role. Please ensure that the role specified in the data format conversion configuration exists.” |
DataFormatConversion.InvalidGlueRole |
“The security token included in the request is invalid. Ensure that the provided IAM role associated with firehose is not deleted.” |
DataFormatConversion.GlueNotAvailableInRegion |
“AWS Glue is not yet available in the region you have specified; please specify a different region.” |
DataFormatConversion.GlueEncryptionException |
“There was an error retrieving the master key. Ensure that the key exists and has the correct access permissions.” |
DataFormatConversion.SchemaValidationTimeout |
“Timed out while retrieving table from Glue. If you have a large number of Glue table versions, please add 'glue:GetTableVersion' permission (recommended) or delete unused table versions. If you do not have a large number of tables in Glue, please contact AWS Support.” |
DataFirehose.InternalError |
“Timed out while retrieving table from Glue. If you have a large number of Glue table versions, please add 'glue:GetTableVersion' permission (recommended) or delete unused table versions. If you do not have a large number of tables in Glue, please contact AWS Support.” |
DataFormatConversion.GlueEncryptionException |
“There was an error retrieving the master key. Ensure that the key exists and state is correct.” |
Errores de invocación de DataFormatConversion
Amazon Data Firehose puede enviar los siguientes errores de invocación de DataFormatConversion a Registros de CloudWatch.
| Código de error | Mensaje de error e información |
|---|---|
DataFormatConversion.InvalidSchema |
“The schema is invalid.” |
DataFormatConversion.ValidationException |
“Column names and types must be non-empty strings.” |
DataFormatConversion.ParseError |
“Encountered malformed JSON.” |
DataFormatConversion.MalformedData |
“Data does not match the schema.” |
DataFormatConversion.MalformedData |
“Length of json key must not be greater than 262144” |
DataFormatConversion.MalformedData |
“The data cannot be decoded as UTF-8.” |
DataFormatConversion.MalformedData |
“Illegal character found between tokens.” |
DataFormatConversion.InvalidTypeFormat |
“The type format is invalid. Check the type syntax.” |
DataFormatConversion.InvalidSchema |
“Invalid Schema. Please ensure that there are no special characters or white spaces in column names.” |
DataFormatConversion.InvalidRecord |
“Record is not as per schema. One or more map keys were invalid for map<string,string>.” |
DataFormatConversion.MalformedData |
“The input JSON contained a primitive at the top level. The top level must be an object or array.” |
DataFormatConversion.MalformedData |
“The input JSON contained a primitive at the top level. The top level must be an object or array.” |
DataFormatConversion.MalformedData |
“The record was empty or contained only whitespace.” |
DataFormatConversion.MalformedData |
“Encountered invalid characters.” |
DataFormatConversion.MalformedData |
“Encountered invalid or unsupported timestamp format. Please see the Firehose developer guide for supported timestamp formats.” |
DataFormatConversion.MalformedData |
“A scalar type was found in the data but a complex type was specified on the schema.” |
DataFormatConversion.MalformedData |
“Data does not match the schema.” |
DataFormatConversion.MalformedData |
“A scalar type was found in the data but a complex type was specified on the schema.” |
DataFormatConversion.ConversionFailureException |
“ConversionFailureException” |
DataFormatConversion.DataFormatConversionCustomerErrorException |
“DataFormatConversionCustomerErrorException” |
DataFormatConversion.DataFormatConversionCustomerErrorException |
“DataFormatConversionCustomerErrorException” |
DataFormatConversion.MalformedData |
“Data does not match the schema.” |
DataFormatConversion.InvalidSchema |
“The schema is invalid.” |
DataFormatConversion.MalformedData |
“Data does not match the schema. Invalid format for one or more dates.” |
DataFormatConversion.MalformedData |
“Data contains a highly nested JSON structure that is not supported.” |
DataFormatConversion.EntityNotFound |
“The specified table/database could not be found. Please ensure that the table/database exists and that the values provided in the schema configuration are correct, especially with regards to casing.” |
DataFormatConversion.InvalidInput |
“Could not find a matching schema from glue. Please make sure the specified database with the supplied catalog ID exists.” |
DataFormatConversion.InvalidInput |
“Could not find a matching schema from glue. Please make sure the passed ARN is in the correct format.” |
DataFormatConversion.InvalidInput |
“Could not find a matching schema from glue. Please make sure the catalogId provided is valid.” |
DataFormatConversion.InvalidVersionId |
“Could not find a matching schema from glue. Please make sure the specified version of the table exists.” |
DataFormatConversion.NonExistentColumns |
“Could not find a matching schema from glue. Please make sure the table is configured with a non-null storage descriptor containing the target columns.” |
DataFormatConversion.AccessDenied |
“Access was denied when assuming role. Please ensure that the role specified in the data format conversion configuration has granted the Firehose service permission to assume it.” |
DataFormatConversion.ThrottledByGlue |
“Throttling error encountered when calling Glue. Either increase the request rate limit or reduce the current rate of calling glue through other applications.” |
DataFormatConversion.AccessDenied |
“Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions.” |
DataFormatConversion.InvalidGlueRole |
“Invalid role. Please ensure that the role specified in the data format conversion configuration exists.” |
DataFormatConversion.GlueNotAvailableInRegion |
“AWS Glue is not yet available in the region you have specified; please specify a different region.” |
DataFormatConversion.GlueEncryptionException |
“There was an error retrieving the master key. Ensure that the key exists and has the correct access permissions.” |
DataFormatConversion.SchemaValidationTimeout |
“Timed out while retrieving table from Glue. If you have a large number of Glue table versions, please add 'glue:GetTableVersion' permission (recommended) or delete unused table versions. If you do not have a large number of tables in Glue, please contact AWS Support.” |
DataFirehose.InternalError |
“Timed out while retrieving table from Glue. If you have a large number of Glue table versions, please add 'glue:GetTableVersion' permission (recommended) or delete unused table versions. If you do not have a large number of tables in Glue, please contact AWS Support.” |
DataFormatConversion.MalformedData |
“One or more fields have incorrect format.” |
