how to sign requests in aws-elasticsearch-connector

Question

how to sign requests in aws-elasticsearch-connector

devagirir opened this issue 4 years ago · 2 comments

I have an aws elasticsearch where policies were defined as

{
  "Version": "***-**-**",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::**********:user/****@****.com"
      },
      "Action": [
        "es:ESHttpGet",
        "es:ESHttpDelete",
        "es:ESHttpHead",
        "es:ESHttpPost",
        "es:ESHttpPut"
      ],
      "Resource": "arn:aws:es:us-east-1:********:domain/*******/*"
    }
  ]
}

If you specify an account, user, or role in this policy, you must sign your requests.
AWS documentation says If you specify an account, user, or role in this policy, you must sign your requests.

Can you help me how to sign requests with aws-elasticsearch-connector module. Following is my current code which works if we dont specify policies.

const {Client} = require('@elastic/elasticsearch');

AWS.config.update({
    credentials: new AWS.Credentials(accessKey, secretAccessKey),
    region
  });
const client = new Client(
  {
    node: url,
    connectionClass: AmazonConnection,
    requestTimeout: getElasticClientTimeout()
  });

Answer 1 · 2020-07-04T01:17:17.000Z

There could be something wrong with your policy, or you might need to use credentials that are generated asynchronously, in which case see this example in the README: https://github.com/compwright/aws-elasticsearch-connector#with-asynchronous-or-refreshing-credentials-from-aws

Answer 2 · 2020-07-04T03:27:18.000Z

Issue resolved..Thanks