搜索安全的AWS ElasticSearch [英] Searching against secured AWS ElasticSearch

问题描述

我已经在AWS上设置了一个新的ElasticSearch集群，它只允许访问特定的IAM用户。

I have setup a new ElasticSearch cluster on AWS which is only allowing access to a specific IAM user.

但是，我试图从Ruby连接到这个并使用AWS SDK查看，但是没有办法实际对您的ES群集进行HTTP操作，只能访问配置API。

However, I'm trying to connect to this from Ruby and looked at using the AWS SDK but that has no methods for actually making HTTP operations against your ES cluster, only accessing the configuration APIs.

像往常一样，这需要所有AWS请求签署API访问所需的东西，但是我找不到任何指示如何执行此操作的东西。我正在使用Ruby。

As usual, this requires all the AWS request signing stuff that they require for API access, but I can't find anything that indicates how to do this stuff. I'm using Ruby.

本质上，我可以使用IAM用户凭据向此集群发出GET和PUT请求。对于我来说，IP限制不是一个选择。

Essentially, what I'm after is being able to make GET and PUT requests to this cluster using the IAM user creds. IP restriction isn't an option for me.

推荐答案

您可以从Ruby对Amazon Elasticsearch进行签名安全请求。我在Heroku上做了一个应用程序。

You can make signed, secure requests to Amazon Elasticsearch from Ruby. I did the following with an app on Heroku.

确保你有弹性搜索gem> = v1.0.15，因为这个支持只在2015年12月4日实现。

您还需要此宝石：

gem 'faraday_middleware-aws-signers-v4'

elasticsearch-ruby / elasticsearch-transport
文档：

您可以在配置块中使用任何标准的法拉第中间件和插件，例如签署AWS Elasticsearch服务的请求：

You can use any standard Faraday middleware and plugins in the configuration block, for example sign the requests for the AWS Elasticsearch service:

使用以下代码：

require 'faraday_middleware/aws_signers_v4'

client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
  f.request :aws_signers_v4,
            credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
            service_name: 'es',
            region: 'us-east-1'
  f.adapter Faraday.default_adapter
end

这也适用于使用Rails的searchkick宝石。使用上述示例在初始化程序中设置Searchkick.client：

This also works with the searchkick gem with Rails. Set Searchkick.client using the above example, in an initializer:

# config/initializers/elasticsearch.rb
require 'faraday_middleware/aws_signers_v4'

Searchkick.client = Elasticsearch::Client.new(url: ENV['AWS_ENDPOINT_URL']) do |f|
  f.request :aws_signers_v4,
            credentials: Aws::Credentials.new(ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']),
            service_name: 'es',
            region: 'us-east-1'
  f.adapter Faraday.default_adapter
end

这篇关于搜索安全的AWS ElasticSearch的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！