I have setup a new ElasticSearch cluster on AWS which is only allowing access to a specific IAM user.
However, I'm trying to connect to this from Ruby and looked at using the AWS SDK but that has no methods for actually making HTTP operations against your ES cluster, only accessing the configuration APIs.
As usual, this requires all the AWS request signing stuff that they require for API access, but I can't find anything that indicates how to do this stuff. I'm using Ruby.
Essentially, what I'm after is being able to make GET and PUT requests to this cluster using the IAM user creds. IP restriction isn't an option for me.
To make it easy for customers to run open-source Elasticsearch, AWS offers Amazon OpenSearch Service to perform interactive log analytics, real-time application monitoring, website search, and more. To learn more about OpenSearch and the ways to operationalize it, please click here.
OpenSearch is a fork of Elasticsearch. OpenSearch is picking up where open-source Elasticsearch left off. The team working on OpenSearch has forked version 7.10 of Elasticsearch and is in the process of gutting it.
Amazon OpenSearch Service is a fully managed service that makes it easy to deploy, operate, and scale OpenSearch (now supporting Apache Lucene 9) clusters securely and cost-effectively in the AWS Cloud.
You can make signed, secure requests to Amazon Elasticsearch from Ruby. I did the following with an app on Heroku.
Ensure you have elasticsearch gem >= v1.0.15 as support for this was only implemented there Dec 4th, 2015.
You also need this gem:
gem 'faraday_middleware-aws-signers-v4'
Example from the elasticsearch-ruby/elasticsearch-transport documentation:
You can use any standard Faraday middleware and plugins in the configuration block, for example sign the requests for the AWS Elasticsearch service:
With the following code:
require 'faraday_middleware/aws_signers_v4'
client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
f.request :aws_signers_v4,
credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
service_name: 'es',
region: 'us-east-1'
f.adapter Faraday.default_adapter
end
This also works with the searchkick gem with Rails. Set Searchkick.client using the above example, in an initializer:
# config/initializers/elasticsearch.rb
require 'faraday_middleware/aws_signers_v4'
Searchkick.client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
f.request :aws_signers_v4,
credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
service_name: 'es',
region: 'us-east-1'
f.adapter Faraday.default_adapter
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With