Amazon Elasticsearch Service and IAM Policies on HTTP Methods
June 25, 2017 #aws #iam #elasticsearch
The Creating and Configuring Amazon Elasticsearch Service Domains documentation shows that Elasticsearch HTTP methods can be controlled using IAM policies:
Amazon ES supports the following actions for HTTP methods. You can attach a separate access policy to each HTTP method:
- es:ESHttpDelete
- es:ESHttpGet
- es:ESHttpHead
- es:ESHttpPost
- es:ESHttpPut
Because Elasticsearch is an open source interface and not an Amazon solution, it may not be obvious at first how this could work. The aws-sdk-java/AWSElasticsearchClient.java source on GitHub shows an AWSCredentialsProvider implementing the Signature Version 4 Signing Process on the HTTP requests. Unfortunately, this means that not all Elasticsearch clients will be compatible with this security configuration.
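To make the signing requirement concrete, the following is an added example (not code from the AWS SDK or from the original post) that builds the Signature Version 4 headers a client must send to an Amazon ES endpoint, using only the Python standard library. The endpoint, credentials and the helper names `iam_action` and `sign_es_request` are constructed for illustration; it assumes long-term credentials (no session token) and a path that needs no percent-encoding.

```python
import datetime
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlparse

def iam_action(method):
    """IAM action name for an HTTP method, following the list above."""
    return "es:ESHttp" + method.capitalize()

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_es_request(method, url, body, access_key, secret_key, region, now):
    """Return the SigV4 headers for one request to an Amazon ES endpoint."""
    u = urlparse(url)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/es/aws4_request"
    # Canonical query string: parameters sorted and strictly percent-encoded.
    query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(parse_qsl(u.query, keep_blank_values=True)))
    signed_headers = "host;x-amz-date"
    # The HTTP method is the first line of the canonical request, so the
    # signature is bound to the same method the IAM policy is evaluated on.
    canonical_request = "\n".join([
        method.upper(), u.path or "/", query,
        f"host:{u.netloc}\nx-amz-date:{amz_date}\n",
        signed_headers, hashlib.sha256(body).hexdigest()])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, "es", "aws4_request"):
        key = _hmac(key, part)
    sig = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {
        "Host": u.netloc,
        "X-Amz-Date": amz_date,
        "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                         f"SignedHeaders={signed_headers}, Signature={sig}",
    }

if __name__ == "__main__":
    # Constructed endpoint and placeholder credentials; nothing is sent.
    url = "https://search-example.us-east-1.es.amazonaws.com/logs/_search?q=status:500"
    now = datetime.datetime.now(datetime.timezone.utc)
    for m in ("GET", "DELETE"):
        hdrs = sign_es_request(m, url, b"", "EXAMPLEKEYID", "example-secret", "us-east-1", now)
        print(iam_action(m), hdrs["Authorization"])
```

A client that cannot attach these headers sends unsigned requests, which an access policy written against IAM principals will not match.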