
How to exactly sign AWS elasticsearch search request in axios using Nodejs if I am not using cognito?

Purpose of web app: User visits site, inputs their data and selects the store they are responsible for and hits submit. Then in back end dynamoDB will connect the two sets of data - user contact to store info. I am using api gateway to hit the search and create routes - no authentication involved, besides iam role which allows lambda to talk to ES and dynamoDB.

1) I am not using Cognito or authenticating - I don't need it for this use case, this is for a survey app. However, I am using Elasticsearch to help with my autocomplete drop down/search fields.

2) I am able to make a normal non signed axios call to get search results (see code (A1) below). Params.url has the {endpoint}/indexname/_search. This works because right now I have my endpoint wide open.

What I want to accomplish: I want to lock down my ES domain so it is a bit more secure. While IAM role allows my lambda to talk to ES, unless ES is wide open I can't do the search functionality shown in (A1). I KNOW I have to sign my requests, but I am a little confused as to how to accomplish this using packages like aws4. The example shown on AWS site is a little confusing and I have not had any luck replicating it.

I have started the process with aws4 (seen in A2) but I am unclear how to get this working. Can someone please give some guidance? To summarize: a) How do I implement the signed request with aws4 or any other method and b) what should the policy for the ES domain look like?

A1)

    axios({
      method: "post",
      url: params.url,
      headers: { "Content-Type": "application/json" },
      data: {
        query: {
          query_string: {
            default_field: "Building Description",
            query: params.data
          }
        }
      }
    });

A2)

    axios(aws4.sign({
      host: process.env.ES_ENDPOINT,
      method: "POST",
      url: `https://${process.env.ES_ENDPOINT}/indexname/_search`,
      path: "/indexname/_search",
    }))

The easiest way to do this is just use the AWS JavaScript SDK to do the signing and provide it with limited scope credentials.

NB: This does not mean using the AWS SDK ElasticSearch client.

When using the AWS SDKs in Lambda, this is done for you, but it can also be done in any javascript environment. Although I would think very carefully about using it client side, even that can have its uses.

Possible ways to add credentials for JavaScript SDK can be found here.

Example of making a signed request to ES using AWS JavaScript SDK can be seen here.

There are several examples of resource based access policies here. I think what you are after will be in the bottom half of that page.
