/aws-elasticsearch-connector

A tiny Amazon Signature Version 4 connection class for Elasticsearch.js

Primary LanguageJavaScriptMIT LicenseMIT

aws-elasticsearch-connector

Build Status Code Climate Test Coverage Dependency Status Download Status

A tiny Amazon Signature Version 4 connection class for the official Elasticsearch Node.js client, for compatibility with AWS Elasticsearch and IAM authentication.

Supports AWS SDK global or specific configuration instances (AWS.Config), including asyncronous credentials from IAM roles and credential refreshing.

Installation

npm install --save aws-elasticsearch-connector @elastic/elasticsearch aws-sdk

Example usage

Using global configuration

const { Client } = require("@elastic/elasticsearch");
const AWS = require("aws-sdk");
const createAwsElasticsearchConnector = require("aws-elasticsearch-connector");

// (Optional) load profile credentials from file
AWS.config.update({
  profile: "my-profile",
});

const client = new Client({
  ...createAwsElasticsearchConnector(AWS.config),
  node: "https://my-elasticsearch-cluster.us-east-1.es.amazonaws.com",
});

Using specific configuration

const { Client } = require("@elastic/elasticsearch");
const AWS = require("aws-sdk");
const createAwsElasticsearchConnector = require("aws-elasticsearch-connector");

const awsConfig = new AWS.Config({
  // Your credentials and settings here, see
  // https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#constructor-property
});

const client = new Client({
  ...createAwsElasticsearchConnector(awsConfig),
  node: "https://my-elasticsearch-cluster.us-east-1.es.amazonaws.com",
});

Using aws-sdk v3

const { STSClient, AssumeRoleCommand } = require("@aws-sdk/client-sts");
const { Client } = require("@elastic/elasticsearch");
const createAwsElasticsearchConnector = require("aws-elasticsearch-connector");

async function ping() {
  const creds = await assumeRole(
    "arn:aws:iam::0123456789012:role/Administrator",
    "us-east-1"
  );
  const client = new Client({
    ...createAwsElasticsearchConnector({
      region: "us-east-1",
      credentials: creds,
    }),
    node: "https://my-elasticsearch-cluster.us-east-1.es.amazonaws.com",
  });
  const response = await client.ping();
  console.log(`Got Response`, response);
}

async function assumeRole(roleArn, region) {
  const client = new STSClient({ region });
  const response = await client.send(
    new AssumeRoleCommand({
      RoleArn: roleArn,
      RoleSessionName: "aws-es-connection",
    })
  );
  return {
    accessKeyId: response.Credentials.AccessKeyId,
    secretAccessKey: response.Credentials.SecretAccessKey,
    sessionToken: response.Credentials.SessionToken,
  };
}

Test

npm test

# Run integration tests against a real endpoint
AWS_PROFILE=your-profile npm run test:integration -- \
  --endpoint https://my-elasticsearch-cluster.us-east-1.es.amazonaws.com