Does their ES service require a request signed with an "AWS Signature"? Beats doesn't support any sort of provider specific authentication types. You can add custom static headers to the HTTP requests from Beats, use HTTP basic auth, or TLS mutual auth (aka client certs).
I see Amazon has a custom Logstash output for their service. You could route the data through Logstash (like Beats -> Logstash -> AWS ES). Or you could try Elastic Cloud which is Elastic's own hosted ES service that uses X-Pack to secure the cluster using standard mechanisms (TLS + basic auth, or TLS mutual auth).