Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Secured AWS ElasticSearch #749

Closed
lostinplace opened this issue Feb 14, 2017 · 31 comments
Closed

Support for Secured AWS ElasticSearch #749

lostinplace opened this issue Feb 14, 2017 · 31 comments
Milestone

Comments

@lostinplace
Copy link

Is there a way (or a plan) to support IAM secured clusters on AWS ElastiscSearch?

@sksamuel
Copy link
Collaborator

sksamuel commented Feb 14, 2017 via email

@lostinplace
Copy link
Author

You have to sign the requests with your AWS credentials

see https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

@sksamuel
Copy link
Collaborator

sksamuel commented Feb 16, 2017 via email

@lostinplace
Copy link
Author

does that mean that if I were to submit a pull request that did this, it would be rejected?

@sksamuel
Copy link
Collaborator

It really depends on what the support is for. If its something unique to elasticsearch then it would be fine to add to elastic4s. If it's a generic authentication used by all of Amazon's services then its better in some amazon library no?

@sksamuel
Copy link
Collaborator

sksamuel commented Mar 2, 2017

Do you think this would work, if I add a hook into the HTTP client to use it easily?
https://github.com/inreachventures/aws-signing-request-interceptor

@lostinplace
Copy link
Author

yup, that's exactly what's needed

@mdarcemont
Copy link

I'm very interested in a hook into the HTTP client too.

@alex1712
Copy link
Contributor

alex1712 commented Jun 27, 2017

I hope you already got it to work, but I use the same principle as the apache interceptor described previously and it works for me.

The only difference is that I had to modify the Host header to remove the port.

Here is the code -> https://gist.github.com/alex1712/f41091ea316b6cdb0429dda71151a6d9

Maybe can help someone.

@lustefaniak
Copy link
Contributor

Would be great if something like that was provided in elastic4s. Probably as additional module.

@dmitry-avershin
Copy link

hi @sksamuel, are you planning to add a hook to the http client that will ease the integration with AWS or any other service that requires signing the request in future versions of elastic4s?

@sksamuel
Copy link
Collaborator

@dmitry-avershin I'll add something into v6.

@sksamuel sksamuel added this to the 6.0 milestone Aug 21, 2017
@dmitry-avershin
Copy link

dmitry-avershin commented Aug 22, 2017

@sksamuel nice, I can support here if needed

@sksamuel
Copy link
Collaborator

@dmitry-avershin feel free to create a PR. I would be looking at doing something along the lines of the link I posted in this thread, or open to other ideas.

@nemo83
Copy link

nemo83 commented Sep 4, 2017

Hey all, I'm interested in this feature too. Is the hook implemented on any branch? Or shall I temporarily implement the code as per @alex1712? Please feel free to ping me if you need anyone to test it on AWS !

Great work everyone!

@sksamuel
Copy link
Collaborator

sksamuel commented Sep 4, 2017

Yep please have a go.

@nemo83
Copy link

nemo83 commented Sep 4, 2017

Ok, I did a test with @alex1712 snippet and elastic4s version "5.4.3" and it works like a charm.

I can work on a PR if no else is working on it....

@sksamuel
Copy link
Collaborator

sksamuel commented Sep 4, 2017

I'm not working on it personally, there's been no movement from others so I think it's safe to pick up.

@saraiva132
Copy link
Contributor

Would also love to have this. @nemo83, are you working on a PR?

@nemo83
Copy link

nemo83 commented Oct 5, 2017

unfortunately not :-( @saraiva132

@saraiva132
Copy link
Contributor

@alex1712 gist seems to contain everything I need which is cool. However, the dependency to aws-request-signer worries me. I will look into it as well and If I figure a decent enough solution I might look if it is enough for a PR.

@alex1712
Copy link
Contributor

alex1712 commented Oct 5, 2017

Hi, thanks for taking care.

This depency is actually this project here :
https://github.com/ticofab/aws-request-signer

Is only one class if you want a check the code.

@saraiva132
Copy link
Contributor

@alex1712 Yeah, I have read the code and am also reading the aws documentation for signing (version 4). I am working on a request-signer and an object to provide a client with the interceptor and afterwards I will try and make a PR to see if this can be added to elastic4s 6 as a module. So basically the same as your gist and that project.

@sksamuel
Copy link
Collaborator

sksamuel commented Oct 6, 2017

What I think we need is an elastic4s-aws module which contains an apache http interceptor. This interceptor would use the aws signer to sign the requests. Then the user can add the interceptor to the HttpClient, and we can provide an AwsHttpClient object method to do that conveniently.

@saraiva132
Copy link
Contributor

@sksamuel Yep. Will work on just that.

@saraiva132
Copy link
Contributor

@sksamuel I just finished my first working draft (took me longer than expected. Going to make the PR with my proposal soon, any advice from you? (i.e. expected tests, code style)

@sksamuel
Copy link
Collaborator

I'm not fussy - as long as there's tests for it, and it works, I'm happy :)

@sksamuel
Copy link
Collaborator

sksamuel commented Dec 5, 2017

Merged into 6.0

@sksamuel sksamuel closed this as completed Dec 5, 2017
@uccmen
Copy link

uccmen commented Mar 13, 2018

How do I use this? I see no documentation on README or wherever.

@hekaldama
Copy link
Contributor

@uccmen did you get an answer figure it out?

@uccmen
Copy link

uccmen commented May 28, 2018

@hekaldama - I got it to work with the below conf.

val elasticEndpoint = s"elasticsearch://$esHost:$esPort?ssl=true"
val esConfig = Aws4ElasticConfig(elasticEndpoint, awsAccessKey, awsSecretKey, awsRegion)
val esClient = Aws4ElasticClient(esConfig)

and sorry for the late response!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

10 participants