I'm trying to make HTTP requests to an AWS Elasticsearch domain protected by an IAM access policy. I need to sign these requests for them to be authorized by AWS. I'm using Jest , which in turn use Apache HttpComponents Client .
This seems to be a common use case, but I can't find what should I do so Jest can sign all requests.
I think I found it! :)
This project seems to do exactly what I want : aws-signing-request-interceptor , described as "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client." .
Edit : I forked the project to fit my needs (Java 7, temporary STS credentials), and it works nicely.
Here is an example of usage (here without STS temporary credentials):
String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here
DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));
JestClientFactory factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
return builder;
}
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
.multiThreaded(true)
.build());
JestClient client = factory.getObject();
This doesn't work in case of Async request.
Update:
Ignore my previous comment. It works after adding interceptor for async requests too:
final AWSSigningRequestInterceptor requestInterceptor = new AWSSigningRequestInterceptor(awsSigner);
factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
@Override
protected HttpAsyncClientBuilder configureHttpClient(HttpAsyncClientBuilder builder) {
builder.addInterceptorLast(requestInterceptor);
return builder;
}
};
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.