I'm trying to make HTTP requests to an AWS Elasticsearch domain protected by an IAM access policy. I need to sign these requests for them to be authorized by AWS. I'm using Jest, which in turn use Apache HttpComponents Client.
This seems to be a common use case, but I can't find what should I do so Jest can sign all requests.
I think I found it! :)
This project seems to do exactly what I want : aws-signing-request-interceptor, described as "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client.".
Edit : I forked the project to fit my needs (Java 7, temporary STS credentials), and it works nicely.
Here is an example of usage (here without STS temporary credentials):
String region = "us-east-1";
String service = "es";
String url = "???"; // put the AWS ElasticSearch endpoint here
DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, region, service, () -> new LocalDateTime(DateTimeZone.UTC));
JestClientFactory factory = new JestClientFactory() {
@Override
protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
return builder;
}
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
.multiThreaded(true)
.build());
JestClient client = factory.getObject();