kevinhakanson.com

Amazon Elasticsearch Service and IAM Policies on HTTP Methods

June 25, 2017 #aws #iam #elasticsearch

The Creating and Configuring Amazon Elasticsearch Service Domains documentation shows the Elasticsearch HTTP methods could be controlled using IAM policies:

Amazon ES supports the following actions for HTTP methods. You can attach a separate access policy to each HTTP method:

  • es:ESHttpDelete
  • es:ESHttpGet
  • es:ESHttpHead
  • es:ESHttpPost
  • es:ESHttpPut

Since this is an open source interface and not an Amazon solution, it may be initially confusing to understand how this could work. The aws-sdk-java/AWSElasticsearchClient.java source in GitHub shows an AWSCredentialsProvider implementing the Signature Version 4 Signing Process on the HTTP requests.  Unfortunately, this means not all Elasticsearch Clients will be compatible with this security configuration.


© 2020 Kevin Hakanson (built with Gatsby)