Signing an Amazon OpenSearch Service search request with Amazon SDK for PHP Version 3 - Amazon SDK for PHP
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Signing an Amazon OpenSearch Service search request with Amazon SDK for PHP Version 3

Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and scale Amazon OpenSearch Service, a popular open-source search, and analytics engine. OpenSearch Service offers direct access to the Amazon OpenSearch Service API. This means that developers can use the tools with which they’re familiar, as well as robust security options. Many Amazon OpenSearch Service clients support request signing, but if you’re using a client that doesn’t, you can sign arbitrary PSR-7 requests with the built-in credential providers and signers of the Amazon SDK for PHP.

The following examples show how to:

  • Sign a request with the Amazon signing protocol using SignatureV4.

All the example code for the Amazon SDK for PHP is available here on GitHub.


Before running the example code, configure your Amazon credentials, as described in Credentials. Then import the Amazon SDK for PHP, as described in Basic usage.

Signing an OpenSearch Service request

OpenSearch Service uses Signature Version 4. This means that you need to sign requests against the service’s signing name (es, in this case) and the Amazon Region of your OpenSearch Service domain. A full list of Regions supported by OpenSearch Service can be found on the Amazon Regions and Endpoints page in the Amazon Web Services General Reference. However, in this example, we sign requests against an OpenSearch Service domain in the us-west-2 region.

You need to provide credentials, which you can do either with the SDK’s default provider chain or with any form of credentials described in Credentials for the Amazon SDK for PHP Version 3. You’ll also need a PSR-7 request (assumed in the code below to be named $psr7Request).

// Pull credentials from the default provider chain $provider = Aws\Credentials\CredentialProvider::defaultProvider(); $credentials = call_user_func($provider)->wait(); // Create a signer with the service's signing name and Region $signer = new Aws\Signature\SignatureV4('es', 'us-west-2'); // Sign your request $signedRequest = $signer->signRequest($psr7Request, $credentials);