Elasticsearch AWS should support AWS Credential Providers for authentication

Description

The hibernate-search-elasticsearch-aws module signs requests to AWS Elasticsearch instances, but only if we directly declare the AWS secret and access keys as properties at startup.

When running on an EC2 instance, it's recommended to use the role provided by the EC2 instance using their provided roles that use temporary credentials https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html . `AWSCredentialsProvider` from the AWS Java SDK abstracts that in a friendly way.

It would be great if we could provide an instance of `AWSCredentialsProvider` to Hibernate Search at startup so that it can use that for signing the Elasticsearch requests.

Activity

Yoann Rodière May 20, 2020 at 11:15 AM

Nothing new here, no.

If you're interested and you need it urgently, you can have a look at converting the hibernate-search-backend-elasticsearch-aws module to use the official AWS SDK instead of the current (minimal) library. The code is here: https://github.com/hibernate/hibernate-search/tree/master/backend/elasticsearch-aws and the contribution guide is here: https://github.com/hibernate/hibernate-search/blob/master/CONTRIBUTING.md .

Then, you'll probably be able to add new ways to provide credentials. I believe the AWS SDK supports various solutions, including environment variables.

Vitalii May 20, 2020 at 10:48 AM

Any updates on it?
This feature is very important from an AWS security & compliance point of view.

Yoann Rodière April 5, 2019 at 6:21 AM

Thanks for the heads-up. I believe there was a reason for us not to use the AWS Java SDK in the first place, so I will have to check that again. But worst case we may be able to provide an abstraction that allows you to plug in an AWSCredentialsProvider.

Planning this for 6.0... optimistically.

Fixed

Details

Created April 4, 2019 at 9:53 PM
Updated October 8, 2020 at 12:30 PM
Resolved September 29, 2020 at 12:09 PM