Amazon OpenSearch uses AWS SigV4 for authentication. We’re trying to make it dead easy to make authenticated requests across all OpenSearch clients in opensearch-clients#22. Please help contribute end-to-end cookbook examples to this post below for various clients.
curl
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=...
curl \
  --verbose \
  --request GET "https://...us-west-2.es.amazonaws.com" \
  --aws-sigv4 "aws:amz:us-west-2:es" \
  --user "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" \
  -H "x-amz-security-token:$AWS_SESSION_TOKEN"
awscurl
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=...
awscurl \
  "https://search...us-west-2.es.amazonaws.com" \
  --region us-west-2 \
  --service es
aws-es-curl
aws-es-curl \
  "https://search...us-west-2.es.amazonaws.com" \
  --region us-west-2
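What the command-line tools above do to each request, as an added example in standard-library Python (not part of the original post and not any of these tools' own code): build the canonical request, derive a key scoped to date, region and service name (es here), and produce the headers to send. The host, access key, secret and token are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    # The derived key is only valid for one day, one region and one service.
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign(method, url, region, service, access_key, secret_key, amz_date,
         session_token=None, body=b""):
    """Return the headers a SigV4 client adds to the request."""
    u = urlsplit(url)
    headers = {"host": u.netloc, "x-amz-date": amz_date}
    if session_token:  # temporary credentials: the token is a signed header
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    signed_headers = ";".join(names)
    # Canonical query string: decoded pairs, sorted, then re-encoded.
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(parse_qsl(u.query, keep_blank_values=True)))
    canonical_request = "\n".join([
        method, quote(u.path or "/", safe="/"), query,  # path re-encoded (non-S3)
        "".join(f"{n}:{headers[n].strip()}\n" for n in names),
        signed_headers, hashlib.sha256(body).hexdigest()])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = signing_key(secret_key, amz_date[:8], region, service)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}")
    del headers["host"]  # the HTTP client sets Host itself
    return headers

if __name__ == "__main__":  # constructed placeholder credentials and host
    print(sign("GET", "https://opensearch.example.com/_cat/indices",
               "us-west-2", "es", "AKIDEXAMPLE", "SECRETEXAMPLE",
               "20240101T000000Z", session_token="TOKENEXAMPLE"))
```

The credential scope in the Authorization header shows the date, region and service the signature is bound to, which is the first thing to compare when a signed request is rejected.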
Java
opensearch-java
Use AwsSdk2Transport, introduced in opensearch-java 2.1.0 (see opensearch-java#55 and opensearch-java#177 for more information). This is the latest recommended approach.
import java.io.IOException;

import org.opensearch.client.opensearch.OpenSearchClient;
import org.opensearch.client.opensearch.core.InfoResponse;
import org.opensearch.client.transport.aws.AwsSdk2Transport;
import org.opensearch.client.transport.aws.AwsSdk2TransportOptions;

import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.regions.Region;

// The class name is illustrative; only main() comes from the original snippet.
public class Example {
    public static void main(final String[] args) throws IOException {
        SdkHttpClient httpClient = ApacheHttpClient.builder().build();
        try {
            // The transport signs every request with SigV4 for the given region.
            OpenSearchClient client = new OpenSearchClient(
                new AwsSdk2Transport(
                    httpClient,
                    "search-...us-west-2.es.amazonaws.com",
                    Region.US_WEST_2,
                    AwsSdk2TransportOptions.builder().build()
                )
            );
            InfoResponse info = client.info();
            System.out.println(info.version().distribution() + ": " + info.version().number());
        } finally {
            httpClient.close();
        }
    }
}
You can see a working demo in opensearch-java-client-demo.
aws-request-signing-apache-interceptor
Use an interceptor and any Apache REST client, including RestHighLevelClient.
import java.io.IOException;

import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

import io.github.acm19.aws.interceptor.http.AwsRequestSigningApacheInterceptor;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.utils.IoUtils;

// The class name is illustrative; only main() comes from the original snippet.
public class Example {
    public static void main(String[] args) throws ClientProtocolException, IOException {
        // Signs each outgoing request for service "es" in us-west-2.
        HttpRequestInterceptor interceptor = new AwsRequestSigningApacheInterceptor(
            "es",
            Aws4Signer.create(),
            DefaultCredentialsProvider.create(),
            Region.US_WEST_2
        );
        // Add the interceptor last so it signs the request in its final form.
        try (CloseableHttpClient client = HttpClients.custom()
                .addInterceptorLast(interceptor)
                .build()) {
            HttpGet httpGet = new HttpGet("https://...");
            try (CloseableHttpResponse httpResponse = client.execute(httpGet)) {
                System.out.println(httpResponse.getStatusLine());
                System.out.println(IoUtils.toUtf8String(httpResponse.getEntity().getContent()));
            }
        }
    }
}
You can see a working demo in the interceptor code. For an example that uses OpenSearch RestHighLevelClient, see 1.x or 2.x depending on your version.
Ruby
See opensearch-ruby#71.
PHP
See opensearch-php#59.
JavaScript
See opensearch-js#252.
Python
See opensearch-py#85.
Go
See opensearch-go#117.
Rust
See opensearch-rs#36.