Categories
Uncategorized

How to sign aws elasticsearch service requests with elasticsearch-ruby using IAM

AWS ElasticSearch Service allows you to secure connections to your amazon elasticsearch servers in two ways:

  1. Restrict by IP
  2. Sign your request with IAM

Using the restrict by IP option is easy, but it won’t work in places like Heroku, where you don’t have control of the IP address of your app.

So you are left with option #2. However, the `elasticsearch-ruby` gem does not have any way to sign your request using IAM.

To add this functionality, we have to use a Faraday Middleware to inject aws code singing into `elasticsearch-ruby`. There is a gem `faraday_middleware-aws-signers-v4` that handles the code signing, but we have to configure `elasticsearch-ruby` to use it.

Here is how you do it

require the proper gems

gem ‘aws-sdk’,'< 2.0′
gem ‘faraday_middleware’
gem ‘faraday_middleware-aws-signers-v4’

add this to your config/initializers