Support for "read-only" AWS ES instances
Opened this issue · 0 comments
Sometimes it useful to allow users to access AWS Elastic Service in read-only mode only, i.e. without granting them POST
method in the AWS policy, and granting e.g. only:
"Action": [
"es:Describe",
"es:List",
"es:ESHttpGet"
]
There unfortunately does not seem to be better way of preventing users from writing to AWS ES than revoking their POST
permission.
Out of the box, Jest library (at least in its 5.x version) unfortunately uses the POST
method for many read requests, e.g. Count
, MultiGet
and Search
, which makes querying of such AWS ES instances impossible.
To overcome this, we replaced the JestHttpClient
with a patched version that would use GET
method for the aforementioned requests and it seems to work fine.
Two questions:
-
Why is
POST
being used for operations whereGET
seems viable? -
Are there any plans to support "read-only" Jest, i.e. one that uses
GET
instead ofPOST
where supported? Would a MR for this get accepted?