Hi,
I have created a cluster of AWS Elasticsearch service in a VPC. There are many services in my organization that are in different VPC and want to access my Elasticsearch domain.
To do that a public proxy server can be used and services can communicate with Elasticsearch by using this proxy server.
So I have created an Nginx server with the domain name "xyz.example.com" that will forward the request to the Elasticsearch.
And by using the IAM user, I will authorize the Elasticsearch.
I am using this code to connect with Elasticsearch -
from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_aws4auth import AWS4Auth
host = 'xyz.example.com'
region = 'ap-southeast-1' # e.g. us-west-1
service = 'es'
awsauth = AWS4Auth(value_of_access_key, value_of_secret_key, region, service)
es = Elasticsearch(
hosts = [{'host': host, 'port': 443}],
http_auth = awsauth,
use_ssl = True,
verify_certs = True,
connection_class = RequestsHttpConnection
)
print(es.cluster.health)
So i am getting error -
TransportError(403, u'{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}')
but when I use native URL of the elastic domain and try to connect from the same vpc. Then I am not getting any error -
from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_aws4auth import AWS4Auth
host = 'test-domain.us-east-1.es.amazonaws.com'
region = 'ap-southeast-1' # e.g. us-west-1
service = 'es'
awsauth = AWS4Auth(value_of_access_key, value_of_secret_key, region, service)
es = Elasticsearch(
hosts = [{'host': host, 'port': 443}],
http_auth = awsauth,
use_ssl = True,
verify_certs = True,
connection_class = RequestsHttpConnection
)
print(es.cluster.health)
Getting the expected result.