Daniel Doubrovkine bio photo

Daniel Doubrovkine

aka dB., @awscloud, former CTO @artsy, +@vestris, NYC

Email Twitter LinkedIn Github Strava
Creative Commons License

Amazon OpenSearch uses AWS SigV4 for authentication. We’re trying to make it dead easy to make authenticated requests across all OpenSearch clients in opensearch-clients#22. Please help contribute end-to-end cookbook examples to this post below for various clients.

curl

export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=...

curl \
  --verbose \
  --request GET "https://...us-west-2.es.amazonaws.com" \
  --aws-sigv4 "aws:amz:us-west-2:es" \
  --user "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" \
  -H "x-amz-security-token:$AWS_SESSION_TOKEN"

awscurl

export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=...

awscurl \
  "https://search...us-west-2.es.amazonaws.com" \
  --region us-west-2 \
  --service es

aws-es-curl

aws-es-curl \
  "https://search...us-west-2.es.amazonaws.com" \
  --region us-west-2

Java

opensearch-java

Use AwsSdk2Transport introduced in opensearch-java 2.1.0 (see opensearch-java#55 and opensearch-java#177 for more information). This is the latest recommended approach.

import java.io.IOException;

import org.opensearch.client.opensearch.OpenSearchClient;
import org.opensearch.client.opensearch.core.InfoResponse;
import org.opensearch.client.transport.aws.AwsSdk2Transport;
import org.opensearch.client.transport.aws.AwsSdk2TransportOptions;

import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.regions.Region;

public static void main(final String[] args) throws IOException {
    SdkHttpClient httpClient = ApacheHttpClient.builder().build();
    try {

        OpenSearchClient client = new OpenSearchClient(
            new AwsSdk2Transport(
                httpClient,
                "search-...us-west-2.es.amazonaws.com",
                Region.US_WEST_2,
                AwsSdk2TransportOptions.builder().build()
            )
        );

        InfoResponse info = client.info();
        System.out.println(info.version().distribution() + ": " + info.version().number());
    } finally {
      httpClient.close();
    }
}

You can see a working demo in opensearch-java-client-demo.

aws-request-signing-apache-interceptor

Use an interceptor and any Apache REST client, including RestHighLevelClient.

import java.io.IOException;

import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

import io.github.acm19.aws.interceptor.http.AwsRequestSigningApacheInterceptor;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.utils.IoUtils;

public static void main(String[] args) throws 
    ClientProtocolException, IOException {
    
    HttpRequestInterceptor interceptor = new AwsRequestSigningApacheInterceptor(
        "es",
        Aws4Signer.create(), 
        DefaultCredentialsProvider.create(), 
        Region.US_WEST_2
    );

    CloseableHttpClient client = HttpClients.custom()
        .addInterceptorLast(interceptor)
        .build();

    HttpGet httpGet = new HttpGet("https://...");
    CloseableHttpResponse httpResponse = httpClient.execute(httpGet);
    System.out.println(httpResponse.getStatusLine());
    System.out.println(IoUtils.toUtf8String(response.getEntity().getContent()));
}

You can see a working demo in the interceptor code. For an example that uses OpenSearch RestHighLevelClient see 1.x or 2.x depending on your version.

Ruby

See opensearch-ruby#71.

PHP

See opensearch-php#59.

JavaScript

See opensearch-js#252.

Python

See opensearch-py#85.

Go

See opensearch-go#117.

Rust

See opensearch-rs#36.