AuthorizationException from ES

Question

AuthorizationException from ES

mwildehahn opened this issue 9 years ago · 4 comments

I setup this library yesterday and its been working really well (thank you).

I have a process running that receives requests and then executes a search. The process initializes an ES client once when it starts and then leverages the keep alive connection.

This was working last night and then this morning every request the process made returned an AuthorizationException with a status of 403.

I'm using the AWS.CredentailProviderChain to get the credentials object which resolves to the EC2MetadataCredentails.

My take on what is happening:

the client starts up and uses the metadata credentials to sign requests
the API keys rotate on the metadata server so after a certain period of time, the credentials http-aws-es is using become invalid
any request made will fail until the process restarts so we can fetch the new metadata credentials

I think the right answer is to take the credentials object, but also a method to refresh credentials. Then if we get a 403, we can attempt to refresh the credentails and try the request again.

Answer 1 · 2016-04-14T17:42:27.000Z

AWS.Credential objects have a get method that handles refreshing the credentials for you.

I've implemented that within: #12

Answer 2 · 2016-04-15T09:29:07.000Z

@mhahn thanks for the report!

It does sound like the creds need refreshing if they expire after some time. I believe #1 takes this approach, checking for if credentials need a refresh before making a request.

I am a bit behind on merging PRs on this module because I would like a better way to test against an actual amazon ES instance and running this on Lambda. Once that's in place I can start merging these and publishing updates.

Answer 3 · 2016-04-15T16:19:00.000Z

yea i think that is something similar. i'm not a fan of the use of setTimeout in that implementation though, I think using promises is cleaner and easier to understand.

Answer 4 · 2016-08-08T18:51:28.000Z

I am currently receiving this error but in a different scenario. I am connecting to AWS ES with hard coded credentials passed to the client from Kibana 4.5.4. Has anyone successfully used this package within Kibana to connect to AWS ES?