Connect to Elastic Cloud with Java Low Level Rest Client

I want to connect to my AWS Elasticsearch cloud but it only works for my localhost.

When i connect to localhost i type this, and this works:
RestClient restClient = RestClient.builder(new HttpHost("localhost", 9200, "http"), new HttpHost("localhost", 9200, "http")).build();

However when i try to connect to my AWS version of Elasticsearch I dont understand how to connect. This is whay i've tried to do.

RestClient restClient = RestClient.builder( new HttpHost("", 9243, "https"), new HttpHost("", 9243, "https")).build();

I get this error:

Caused by: org.elasticsearch.client.ResponseException: method [GET], host [], URI [/], status line [HTTP/1.1 401 Unauthorized] {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] requires authentication","header":{"WWW-Authenticate":["Bearer realm=\"security\"","Basic realm=\"security\" charset=\"UTF-8\""]}}],"type":"security_exception","reason":"action [cluster:monitor/main] requires authentication","header":{"WWW-Authenticate":["Bearer realm=\"security\"","Basic realm=\"security\" charset=\"UTF-8\""]}},"status":401}

I believe i somehow need to authenticate myself, how do i do that?

I can connect to my localhost but not to a AWS Cloud. How do i authenticate?

There seems to be some confusion in your post. You talk about AWS Elasticsearch and AWS Cloud, but your URL is which is part of Elastic Cloud running on AWS, but it is not AWS Elasticsearch. Those are different services.

We can help you with Elastic Cloud, but we don't have expertise in AWS Elasticsearch. I assume this is just some confusion in terminology, and your URLs are correct and you are trying to connect to Elastic Cloud.

So, with respect to your problem:

Yes, you definitely need to Authenticate yourself.

There's 2 parts to that answer:

  1. Configuring users on your cluster
  2. Using a username and password in your client.

Configuring users on your cluster
When you signed up to Elastic Cloud you would have been given a username and password to connect to your cluster / Kibana. The user would be elastic and the password would have been auto generated.
While you can use that username/password to connect from your client, we strongly discourage it. That user is a superuser that can do everything on the cluster. It can delete all your data, change all your configurations, etc. You should keep that password protected, and not use it within your client.
Instead, you should login to Kibana (using elastic) and create a new username + password for your client. There's some instructions on using the Kibana Security Management UI here:

  1. create a new role, that has the "monitor" cluster privilege, and then appropriate read/write access to whatever indices your client is going to read from/write to.
  2. create a new user, and grant them your new role.

Using a username and password in your client.
The docuentation for how to do this in the Low Level Rest Client is here:

It's fairly self explanatory, but ask if you have any issues.

I changed the title of this thread so that it reflects "Elastic Cloud" rather than "AWS Elasticsearch".

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.