Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch, a popular open-source search and analytics engine. Amazon ES offers direct access to the Elasticsearch API, meaning that developers can use the tools with which they’re familiar, as well as robust security options, such as using IAM users and roles for access control. Many Elasticsearch clients support request signing, but if you're using a client that doesn't, you can sign arbitrary PSR-7 requests with the SDK's built-in credential providers and signers.
Amazon ES uses Signature Version 4,
which means that you will need to sign requests against the service's signing
name (es
, in this case) and the region of your Amazon ES domain. A full list
of regions supported by Amazon ES can be found on AWS's Regions and Endpoints
page,
but in this sample, I'll be signing requests against an Amazon ES domain in the
us-west-2
region.
You'll need to provide credentials, which can be done either with the SDK's
default provider chain or any any form of credentials described in
Credentials, as well as a PSR-7 request
(assumed in the code below to be named $psr7Request
):
// Pull credentials from the default provider chain
$provider = Aws\Credentials\CredentialProvider::defaultProvider();
$credentials = call_user_func($provider)->wait();
// Create a signer with the service's signing name and region
$signer = new Aws\Signature\SignatureV4('es', 'us-west-2');
// Sign your request
$signedRequest = $signer->signRequest($psr7Request, $credentials);