I want to know if and how I can use searchkick with Amazon's Elasticsearch securely.
Bellow is an image of the access options. IP Address isn't ideal as the server IP could change.
If I limit access to one or more AWS accounts or IAM users, then I'm not sure how to authenticate from the rails app.
You can make signed, secure requests to Amazon Elasticsearch from Ruby. I did the following with an app on Heroku.
Ensure you have elasticsearch gem >= v1.0.15 as support for this was only implemented there Dec 4th, 2015.
You also need this gem:
gem 'faraday_middleware-aws-signers-v4'
Example from the elasticsearch-ruby/elasticsearch-transport documentation:
You can use any standard Faraday middleware and plugins in the configuration block, for example sign the requests for the AWS Elasticsearch service:
With the following code:
require 'faraday_middleware/aws_signers_v4'
client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
f.request :aws_signers_v4,
credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
service_name: 'es',
region: 'us-east-1'
end
This also works with the searchkick gem with Rails. Set Searchkick.client using the above example, in an initializer:
# config/initializers/elasticsearch.rb
require 'faraday_middleware/aws_signers_v4'
Searchkick.client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
f.request :aws_signers_v4,
credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
service_name: 'es',
region: 'us-east-1'
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With