kevinhakanson.com

Amazon Elasticsearch Service and IAM Policies on HTTP Methods

June 25, 2017 #aws #iam #elasticsearch

The Creating and Configuring Amazon Elasticsearch Service Domains documentation shows that the Elasticsearch HTTP methods can be controlled using IAM policies:

Amazon ES supports the following actions for HTTP methods. You can attach a separate access policy to each HTTP method:

  • es:ESHttpDelete
  • es:ESHttpGet
  • es:ESHttpHead
  • es:ESHttpPost
  • es:ESHttpPut

Since Elasticsearch is an open source interface and not an Amazon solution, it may initially be confusing how this could work. The aws-sdk-java/AWSElasticsearchClient.java source on GitHub shows an AWSCredentialsProvider implementing the Signature Version 4 Signing Process on the HTTP requests. Unfortunately, this means not all Elasticsearch clients will be compatible with this security configuration.
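The signing step described above, as an added example in standard-library Python (not code from this post or from the AWS SDK): it builds the Signature Version 4 headers for a request to a domain endpoint and shows that the HTTP method is part of what gets signed. The endpoint host, index path and credentials are constructed placeholders, and the sketch assumes no query string, no session token, and only the `host` and `x-amz-date` headers signed.

```python
import hashlib
import hmac
from urllib.parse import quote

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_es_request(method, host, path, body, access_key, secret_key, region, amz_date):
    """Return SigV4 headers for one request; path is the URI path as sent on the wire."""
    date = amz_date[:8]  # YYYYMMDD part of the ISO 8601 basic timestamp
    # The method is the first line of the canonical request, so the signature
    # covers it: a signed GET cannot be resent as a DELETE without re-signing.
    canonical_request = "\n".join([
        method,
        quote(path, safe="/~"),                    # canonical URI
        "",                                        # canonical query string (none here)
        f"host:{host}\nx-amz-date:{amz_date}\n",   # canonical headers
        "host;x-amz-date",                         # signed header names
        hashlib.sha256(body).hexdigest(),          # hashed payload
    ])
    scope = f"{date}/{region}/es/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: secret -> date -> region -> service -> terminator.
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, "es", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {
        "Host": host,
        "X-Amz-Date": amz_date,
        "Authorization": (
            f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders=host;x-amz-date, Signature={signature}"
        ),
    }

if __name__ == "__main__":
    # Constructed placeholder values, not a real domain or real credentials.
    host = "search-example.us-east-1.es.amazonaws.com"
    for method in ("GET", "DELETE"):
        headers = sign_es_request(method, host, "/logs/_search", b"",
                                  "EXAMPLE-ACCESS-KEY", "example-secret-key",
                                  "us-east-1", "20170625T120000Z")
        print(method, headers["Authorization"])
```

A client that sends the same request without these headers carries no IAM identity, which is why an Elasticsearch client with no signing support cannot satisfy a policy written against the `es:ESHttp*` actions.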


Kevin Hakanson
