AWS Elasticsearch – IAM access & secret key + signing an Amazon Elasticsearch Service Search Request:

1. Modify your ES cluster access policy so that only your AWS account can access it.

AWS console -> ES cluster -> Select your cluster domain -> Modify access policy -> select “Allow or deny access to one or more AWS accounts or IAM users” -> give an account ID or IAM user (for which you have the access/secret key) -> OK.

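Example: your policy should look like the one below. Access is allowed only for the account listed under "Principal"; <Allowed_ES_actions> is a placeholder for the actions you want to permit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["1214234234324324"]
      },
      "Action": ["<Allowed_ES_actions>"],
      "Resource": "arn:aws:es:us-east-1:1214234234324324:domain/esdomain/*"
    }
  ]
}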

2. From your application, use your IAM user's access key and secret key to sign an Amazon Elasticsearch Service search request.


Below is example code that searches for the movie title “hugo” in an index called “movies” by signing the request:

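from aws_requests_auth.aws_auth import AWSRequestsAuth
from elasticsearch import Elasticsearch, RequestsHttpConnection

# let's talk to our AWS Elasticsearch cluster
es_host = '<ES_Endpoint>'
auth = AWSRequestsAuth(aws_access_key='<Access_key>',
                       aws_secret_access_key='<Secret_key>',
                       aws_host=es_host,
                       aws_region='us-east-1',  # region from the domain ARN in the policy
                       aws_service='es')

# use the requests connection class so every request is signed with our auth object
es_client = Elasticsearch(host=es_host,
                          port=443,      # connect over HTTPS
                          use_ssl=True,
                          connection_class=RequestsHttpConnection,
                          http_auth=auth)

# search the "movies" index for titles matching "Hugo"
res = es_client.search(index="movies", body={"query": {"match": {"title": "Hugo"}}})
print(res['hits'])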
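
To show what "signing the request" means, here is the AWS Signature Version 4 computation for the same search, written with only the Python standard library. This is an added example, not code from the original post or from the aws-requests-auth project. It assumes no query string, no session token, and that only the host and x-amz-date headers are signed; the access key, secret key, host and timestamp are constructed sample values.

```python
import datetime
import hashlib
import hmac

# Constructed sample values, not real credentials or a real endpoint.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "constructed-secret-key"
HOST = "search-esdomain-example.us-east-1.es.amazonaws.com"

def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def sign_es_request(access_key, secret_key, host, region, method, path, body, now):
    """Return SigV4 headers for a request without a query string."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = now.strftime("%Y%m%d")
    scope = "/".join([datestamp, region, "es", "aws4_request"])
    signed_headers = "host;x-amz-date"
    payload_hash = hashlib.sha256(body.encode("utf-8")).hexdigest()
    # 1. Canonical request: method, path, empty query, headers, header list, body hash
    canonical = "\n".join([
        method, path, "",
        "host:%s\nx-amz-date:%s\n" % (host, amz_date),
        signed_headers, payload_hash])
    # 2. String to sign: algorithm, timestamp, credential scope, hash of step 1
    to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical.encode("utf-8")).hexdigest()])
    # 3. Signing key: chained HMACs over date, region, service and a fixed terminator
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (datestamp, region, "es", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    credential = "%s/%s" % (access_key, scope)
    return {
        "x-amz-date": amz_date,
        "Authorization": "AWS4-HMAC-SHA256 Credential=%s, SignedHeaders=%s, Signature=%s"
                         % (credential, signed_headers, signature),
    }

def demo():
    """Sign the search body and a tampered copy at a fixed (constructed) time."""
    now = datetime.datetime(2020, 1, 1, 12, 0, 0)
    args = (ACCESS_KEY, SECRET_KEY, HOST, "us-east-1", "POST", "/movies/_search")
    query = '{"query": {"match": {"title": "Hugo"}}}'
    return (sign_es_request(*args, query, now),
            sign_es_request(*args, query.replace("Hugo", "Heat"), now))

if __name__ == "__main__":
    for headers in demo():
        print(headers["Authorization"])
```

The two printed signatures differ because the body hash is part of the canonical request, so a body changed in transit no longer matches the signature. The secret key itself is never sent; only the access key ID and the derived signature appear in the header.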
