Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I use Amazon's Elasticsearch with Rails searchkick gem securely?

I want to know if and how I can use searchkick with Amazon's Elasticsearch securely.

Bellow is an image of the access options. IP Address isn't ideal as the server IP could change.

If I limit access to one or more AWS accounts or IAM users, then I'm not sure how to authenticate from the rails app.

Amazon Elasticsearch access options

like image 501
Somazx Avatar asked Dec 06 '22 19:12

Somazx


1 Answers

You can make signed, secure requests to Amazon Elasticsearch from Ruby. I did the following with an app on Heroku.

Ensure you have elasticsearch gem >= v1.0.15 as support for this was only implemented there Dec 4th, 2015.

You also need this gem:

gem 'faraday_middleware-aws-signers-v4'

Example from the elasticsearch-ruby/elasticsearch-transport documentation:

You can use any standard Faraday middleware and plugins in the configuration block, for example sign the requests for the AWS Elasticsearch service:

With the following code:

require 'faraday_middleware/aws_signers_v4'

client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
  f.request :aws_signers_v4,
            credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
            service_name: 'es',
            region: 'us-east-1'
end

This also works with the searchkick gem with Rails. Set Searchkick.client using the above example, in an initializer:

# config/initializers/elasticsearch.rb
require 'faraday_middleware/aws_signers_v4'

Searchkick.client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
  f.request :aws_signers_v4,
            credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
            service_name: 'es',
            region: 'us-east-1'
end
like image 100
Somazx Avatar answered Jan 05 '23 00:01

Somazx