I'm attempting to sign all of our AWS calls to ElasticSearch; however, the response is always:
User: anonymous is not authorized to perform: es:ESHttpGet on resource:
I've tried multiple key pairs and IAM users.
The calls within our PHP are made using the official elasticsearch-php client and all requests are signed using the connector found here.
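Shown below is how we build the ElasticSearch client and apply the signing middleware:
use Aws\Credentials\Credentials;
use Aws\Signature\SignatureV4;
use Elasticsearch\ClientBuilder as ESClientBuilder;
// AwsSignatureMiddleware is provided by the signing connector; import it from that package's namespace.

// Static credentials and a SigV4 signer scoped to the 'es' service in eu-central-1
$credentials = new Credentials('<KEY>', '<SECRET>');
$signature = new SignatureV4('es', 'eu-central-1');
$middleware = new AwsSignatureMiddleware($credentials, $signature);
// Wrap the client's default handler so every outgoing request is signed
$defaultHandler = ESClientBuilder::defaultHandler();
$awsHandler = $middleware($defaultHandler);
$clientBuilder = ESClientBuilder::create();
$clientBuilder
    ->setHandler($awsHandler)
    ->setHosts(['<URL>']);
$this->_client = $clientBuilder->build();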
For reference, the policy attached to the elasticsearch instance we are trying to access is:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<IAM_USER>"
      },
      "Action": "es:*",
      "Resource": "<RESOURCE>/*"
    }
  ]
}
Other info;
Amazon Elasticsearch Service Is Now Amazon OpenSearch Service and Supports OpenSearch 1.0. In 2015, we launched Amazon Elasticsearch Service (Amazon ES), a fully managed service that makes it easy for you to perform interactive log analytics, real-time application monitoring, website search, and more.
Amazon Elasticsearch Service is a managed service that makes it easy to deploy, operate, and scale Elasticsearch in the AWS Cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.
It is hard to answer anything specific without a complete understanding of what is happening with the particular request, but here are some suggestions on where to start the search for a solution.
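The error in the question names the caller as anonymous, so a useful first check is whether a request signed with the same region and service carries a well-formed SigV4 Authorization header. The script below is an added example, not part of the original posts or of any connector's code: it signs one request offline with the AWS SDK for PHP and lists header problems. The helper name `sigv4Problems`, the host name and the key values are constructed for illustration, and it assumes `aws/aws-sdk-php` is installed via Composer.

```php
<?php
require 'vendor/autoload.php'; // assumes aws/aws-sdk-php installed via Composer

use Aws\Credentials\Credentials;
use Aws\Signature\SignatureV4;
use GuzzleHttp\Psr7\Request;
use Psr\Http\Message\RequestInterface;

// Hypothetical helper: list reasons the endpoint would treat this request as
// unsigned or signed for the wrong scope. Empty array = headers look well-formed.
function sigv4Problems(RequestInterface $request, string $region, string $service): array
{
    $auth = $request->getHeaderLine('Authorization');
    if ($auth === '') {
        // Without this header the request carries no identity at all.
        return ['missing Authorization header (request was never signed)'];
    }
    $problems = [];
    if (strpos($auth, 'AWS4-HMAC-SHA256 ') !== 0) {
        $problems[] = 'Authorization header is not a SigV4 header';
    }
    // Scope format: Credential=<key id>/<yyyymmdd>/<region>/<service>/aws4_request
    if (!preg_match('#Credential=[^/]+/\d{8}/([^/]+)/([^/]+)/aws4_request#', $auth, $m)) {
        $problems[] = 'credential scope not found';
    } elseif ($m[1] !== $region || $m[2] !== $service) {
        $problems[] = "scope is {$m[1]}/{$m[2]}, expected {$region}/{$service}";
    }
    // The Host header must be covered by the signature.
    preg_match('/SignedHeaders=([^,\s]+)/', $auth, $s);
    if (!in_array('host', explode(';', $s[1] ?? ''), true)) {
        $problems[] = 'host is not among the signed headers';
    }
    if ($request->getHeaderLine('X-Amz-Date') === '') {
        $problems[] = 'missing X-Amz-Date header';
    }
    return $problems;
}

// Constructed sample values: placeholder host and keys, nothing is sent.
$host = 'search-example-domain.eu-central-1.es.amazonaws.com';
$credentials = new Credentials('AKIDEXAMPLE', 'constructed-secret');
$signer = new SignatureV4('es', 'eu-central-1');

$unsigned = new Request('GET', "https://{$host}/_cluster/health");
$signed = $signer->signRequest($unsigned, $credentials);

print_r(sigv4Problems($unsigned, 'eu-central-1', 'es')); // before signing
print_r(sigv4Problems($signed, 'eu-central-1', 'es'));   // after signRequest()
print_r($signed->getHeaders()); // compare with what the client actually sends
```

Comparing the final header dump with the headers the Elasticsearch client puts on the wire shows whether the signing middleware is actually being applied to outgoing requests.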