I am building a Golang RESTful API and trying to access ES using signed requests. I have followed the documentation on AWS and the documentation of the Golang Elasticsearch client package I am using (olivere/elastic).
The following Golang code is used to create a new client:
    signer := v4.NewSigner(credentials.NewStaticCredentials("IAM_USER_ID", "IAM_USER_SECRET", ""))
    awsClient, err := aws_signing_client.New(signer, nil, "es", "us-east-1")
    if err != nil {
        return nil, err
    }
    return elastic.NewClient(
        elastic.SetURL("https://my-aws-endpoint.us-east-1.es.amazonaws.com"),
        elastic.SetScheme("https"),
        elastic.SetHttpClient(awsClient),
        elastic.SetSniff(false), // See note below
    )
In ElasticSearch AWS console, I have modified an access policy like that:
It seems I am able to discover the ES node, but when I try to execute a query, ES returns HTTP status 403 (don't have permission).
I have also tried granting the IAM user the AmazonESFullAccess policy, but it doesn't seem to have any effect.
There appears to be an issue in the signing library. The following pull request fixed it (not yet merged): https://github.com/sha1sum/aws_signing_client/pull/3
The following code worked for me. The ES version is 7.10.
    package main

    import (
        "fmt"
        "log"

        "github.com/aws/aws-sdk-go/aws/credentials"
        "github.com/olivere/elastic/v7"
        aws "github.com/olivere/elastic/v7/aws/v4"
    )

    func main() {
        var (
            accessKey = "aws key"
            secretKey = "aws secret key"
            host      = "es url"
            region    = "es region"
        )
        creds := credentials.NewStaticCredentials(accessKey, secretKey, "")
        _, err := creds.Get()
        if err != nil {
            log.Fatal("Wrong credentials: ", err)
        }
        // HTTP client that signs every request with AWS Signature Version 4
        signingClient := aws.NewV4SigningClient(creds, region)
        // Create an Elasticsearch client
        client, err := elastic.NewClient(
            elastic.SetURL(host),
            elastic.SetSniff(false),
            elastic.SetHealthcheck(false),
            elastic.SetHttpClient(signingClient),
        )
        if err != nil {
            log.Fatal(err)
        }
        // Check the error before using the result
        indices, err := client.IndexNames()
        if err != nil {
            log.Fatal(err)
        }
        fmt.Println(indices)
        // Just a status message
        fmt.Println("Connection succeeded")
    }
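What a SigV4 signing client computes for each request, as an added example (not code from the posts above, olivere/elastic or the AWS SDK): the signature covers the region, the service name ("es" here), the signed headers and the body hash, so a mismatch in any of them gives a signature the service will not accept. The helper name `SigV4Signature`, the sample endpoint and the secret are constructed for illustration; the helper assumes lowercase header names and an already canonical query string.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

func hmacSHA256(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// SigV4Signature (hypothetical helper) returns the hex signature for one request.
// Assumes lowercase header names and an already canonical query string.
func SigV4Signature(secret, region, service, amzDate, method, path, query string, headers map[string]string, body string) string {
	names := make([]string, 0, len(headers))
	for name := range headers {
		names = append(names, name)
	}
	sort.Strings(names)
	var canonHeaders strings.Builder
	for _, name := range names {
		canonHeaders.WriteString(name + ":" + strings.TrimSpace(headers[name]) + "\n")
	}
	canonicalRequest := strings.Join([]string{method, path, query,
		canonHeaders.String(), strings.Join(names, ";"), sha256Hex(body)}, "\n")
	scope := amzDate[:8] + "/" + region + "/" + service + "/aws4_request"
	stringToSign := "AWS4-HMAC-SHA256\n" + amzDate + "\n" + scope + "\n" + sha256Hex(canonicalRequest)
	key := []byte("AWS4" + secret) // derive the signing key: date, region, service, terminator
	for _, part := range []string{amzDate[:8], region, service, "aws4_request"} {
		key = hmacSHA256(key, part)
	}
	return hex.EncodeToString(hmacSHA256(key, stringToSign))
}

func main() { // constructed endpoint and secret, for illustration only
	h := map[string]string{"host": "search-example.us-east-1.es.amazonaws.com", "x-amz-date": "20150830T123600Z"}
	fmt.Println(SigV4Signature("EXAMPLE-SECRET", "us-east-1", "es", h["x-amz-date"], "GET", "/", "", h, ""))
}
```

Comparing the canonical request and credential scope a client builds against what the endpoint expects is a quick way to tell a signing problem apart from an access-policy denial when both surface as 403.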