All geek questions in one place

Search Secure AWS ElasticSearch

I installed a new ElasticSearch cluster on AWS that only allows access to a specific IAM user.

However, I am trying to connect to this from Ruby and have looked at using the AWS SDK, but it has no methods for actually performing HTTP operations against your ES cluster, only for accessing the configuration APIs.

As usual, this requires all AWS subscription material, which is required to access the API, but I cannot find anything that indicates how to do this. I am using Ruby.

Essentially, what I need can do GET and PUT requests for this cluster using custom IAM accounts. IP restriction is not an option for me.

+5
source share
1 answer

You can make Amazon Elasticsearch secure signed requests with Ruby. I did the following with an application on Heroku.

Make sure you have elasticsearch gem> = v1.0.15, since support for this was implemented there on December 4, 2015.

You also need this stone:

gem 'faraday_middleware-aws-signers-v4'

Example from elasticsearch-ruby / elasticsearch-transport documentation:

You can use any standard Faraday middleware and plugins in the configuration block, for example, sign requests for AWS Elasticsearch service:

With the following code:

 require 'faraday_middleware/aws_signers_v4' client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f| f.request :aws_signers_v4, credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']), service_name: 'es', region: 'us-east-1' f.adapter Faraday.default_adapter end

It also works with search stone with Rails. Install Searchkick.client using the above example in the initializer:

 # config/initializers/elasticsearch.rb require 'faraday_middleware/aws_signers_v4' Searchkick.client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f| f.request :aws_signers_v4, credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']), service_name: 'es', region: 'us-east-1' f.adapter Faraday.default_adapter end
+2
source

Source: https://habr.com/ru/post/1233865/

More articles:


All Articles