AWS Elasticsearch – IAM access & secret key + signing an Amazon Elasticsearch Service Search Request:

1. Modify your ES cluster access policy so that only our account can access it.

AWS console -> ES cluster -> Select your cluster domain -> Modify Access policy -> select "Allow or deny access to one or more AWS accounts or IAM users" -> Give an account ID or IAM user (for which you have the access/secret key) -> OK.

Ex: your policy should look like the one below. Access is allowed only for the account listed under "Principal".

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "1214234234324324"
        ]
      },
      "Action": [
        "es:*"
      ],
      "Resource": "arn:aws:es:us-east-1:1214234234324324:domain/esdomain/*"
    }
  ]
}

2. From your application, use your IAM user's access key and secret key to sign an Amazon Elasticsearch Service search request:

Ref: https://docs.aws.amazon.com/aws-sdk-php/v3/guide/service/es-data-plane.html

Below is example code that searches for the movie title "hugo" in an index called "movies" by signing the request:

import requests
from aws_requests_auth.aws_auth import AWSRequestsAuth
import json
from elasticsearch import Elasticsearch, RequestsHttpConnection

# let's talk to our AWS Elasticsearch cluster
es_host = '<ES_Endpoint>'
# aws_region must be the region the ES domain lives in
auth = AWSRequestsAuth(aws_access_key='<Access_key>',
                       aws_secret_access_key='<secret_key>',
                       aws_host=es_host,
                       aws_region='us-west-2',
                       aws_service='es')

# port 80 is plain HTTP: the request is signed but not encrypted.
# For TLS, use port=443 together with use_ssl=True.
es_client = Elasticsearch(host=es_host,
                          port=80,
                          connection_class=RequestsHttpConnection,
                          http_auth=auth)

print(es_client.info())
res = es_client.search(index="movies", body={"query": {"match": {"title": "Hugo"}}})
print(res['hits'])
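
What the signing step does with the access and secret key, as an added example (not code from the original post or from aws-requests-auth): a standard-library implementation of Signature Version 4 for the same "movies" search. The function name `sign_es_search`, the host name and the timestamp are assumptions made for illustration, and the keys are AWS's documented example credentials.

```python
import datetime
import hashlib
import hmac
import json

def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def sign_es_search(access_key, secret_key, host, region, index, query, now):
    """Build SigV4 headers for POST /<index>/_search; `now` is a UTC datetime."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    day = amz_date[:8]
    payload = json.dumps(query, separators=(",", ":"))
    payload_hash = hashlib.sha256(payload.encode("utf-8")).hexdigest()
    # Step 1: canonical request. Assumes the index name needs no URI
    # encoding and that the query string is empty.
    signed_headers = "host;x-amz-date"
    canonical = "\n".join([
        "POST", "/%s/_search" % index, "",
        "host:%s\nx-amz-date:%s\n" % (host, amz_date),
        signed_headers, payload_hash])
    # Step 2: string to sign, bound to the date, region and service ("es").
    scope = "%s/%s/es/aws4_request" % (day, region)
    to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical.encode("utf-8")).hexdigest()])
    # Step 3: derive the signing key; the secret key itself is never sent.
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (day, region, "es", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    auth = ("AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s"
            % (access_key, scope, signed_headers, signature))
    return {"Host": host, "X-Amz-Date": amz_date, "Authorization": auth}, payload

if __name__ == "__main__":
    # Constructed sample values: AWS's documented example keys, made-up host.
    hdrs, body = sign_es_search(
        "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
        "search-esdomain.example.com", "us-east-1", "movies",
        {"query": {"match": {"title": "Hugo"}}},
        datetime.datetime(2024, 1, 1, 12, 0, 0))
    print(hdrs["Authorization"])
```

The returned payload string must be sent byte for byte as the request body, because the signature covers its SHA-256 hash.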
