elastic: Can't put document into AWS ES service.

Which version of Elastic are you using?

elastic.v2 (for Elasticsearch 1.x)

Please describe the expected behavior

Successful document put into the index.

Please describe the actual behavior

Error is returned:

elastic: Error 403 (Forbidden)

Any steps to reproduce the behavior?

Setup:

    creds := credentials.NewEnvCredentials()
    signer := v4.NewSigner(creds)
    awsClient, err := aws_signing_client.New(signer, nil, "es", "us-west-2")
    if err != nil {
        return nil, err
    }

    return elastic.NewClient(
        elastic.SetURL(...),
        elastic.SetScheme("https"),
        elastic.SetHttpClient(awsClient),
        elastic.SetSniff(false),
    )

Put:

    _, err = e.Client.Index().Index(indexName).Type(indexType).
        Id(doc.ID).
        BodyJson(doc).
        Do()

Not sure if this is elastic or aws_signing_client issue.

About this issue

Original URL
State: closed
Created 8 years ago
Comments: 26 (13 by maintainers)

Commits related to this issue

Switch SearchService to buildURL pattern The SearchService now uses the pattern used by the generated services, using Validate and buildURL for generating the URL and parameters. See #317 — committed to olivere/elastic by olivere 8 years ago

Most upvoted comments

I’ve solved that by creating http.Transport based on https://github.com/smartystreets/go-aws-auth

type AWSSigningTransport struct {
    HTTPClient  *http.Client
    Credentials awsauth.Credentials
}

// RoundTrip implementation
func (a AWSSigningTransport) RoundTrip(req *http.Request) (*http.Response, error) {
    return a.HTTPClient.Do(awsauth.Sign4(req, a.Credentials))
}

Usage

    signingTransport := AWSSigningTransport{
        Credentials: awsauth.Credentials{
            AccessKeyID:     os.Getenv("AWS_ACCESS_KEY"),
            SecretAccessKey: os.Getenv("AWS_SECRET_KEY"),
        },
        HTTPClient: http.DefaultClient,
    }
    signingClient := &http.Client{Transport: http.RoundTripper(signingTransport)}

    return elastic.NewClient(
        elastic.SetURL(...),
        elastic.SetScheme("https"),
        elastic.SetHttpClient(signingClient),
        elastic.SetSniff(false),
    )

mthenw on Jul 7, 2016