Support for "read-only" AWS ES instances

Question

Support for "read-only" AWS ES instances

Opened this issue 6 years ago · 0 comments

Sometimes it useful to allow users to access AWS Elastic Service in read-only mode only, i.e. without granting them POST method in the AWS policy, and granting e.g. only:

    "Action": [
        "es:Describe",
        "es:List",
        "es:ESHttpGet"
      ]

There unfortunately does not seem to be better way of preventing users from writing to AWS ES than revoking their POST permission.

Out of the box, Jest library (at least in its 5.x version) unfortunately uses the POST method for many read requests, e.g. Count, MultiGet and Search, which makes querying of such AWS ES instances impossible.

To overcome this, we replaced the JestHttpClient with a patched version that would use GET method for the aforementioned requests and it seems to work fine.

Two questions:

Why is POST being used for operations where GET seems viable?
Are there any plans to support "read-only" Jest, i.e. one that uses GET instead of POST where supported? Would a MR for this get accepted?