If you limit your Amazon Elasticsearch Service with an IAM role, you will need to sign every http request made to the service. The function createESConnectorClass creates a new class that can be used as a drop-in replacement for Elasticsearch default class. For example:
var elasticsearch = require('elasticsearch');
var esHttpConnector = require('elasticsearch/src/lib/connectors/http');
var AWS = require('aws-sdk');
var awsEs = require('aws-es-utils');
var let client = new elasticsearch.Client({
host: 'https://xxxx.ap-southeast-2.es.amazonaws.com',
connectionClass: awsEs.createESConnectorClass({
AWS: AWS,
superClass: esHttpConnector
}),
awsRequestSigning: true
});Extra config to Elasticsearch client constructor
awsRequestSigning(boolean): enable AWS request signingawsRegion(string | optional): AWS region. If this property is missing, the class will try to parse the region from the host name.awsCredential(object | optional): optional AWS credentials. If this property is missing, the class will try to use AWS.CredentialProviderChain to retrieve the default credential. This property could be either an AWS.Credentials object or a normal object with the following properties:accessKeyId(string): the AWS access key IDsecretAccessKey(string): the AWS secret access keysessionToken(string): the optional AWS session token (the string you received from AWS STS when you obtained temporary security credentials))
This project is licensed under the terms of the Apache license.