Elasticsearch AWS should support AWS Credential Providers for authentication

Description

The hibernate-search-elasticsearch-aws module signs requests to AWS Elasticsearch instances, but only if we directly declare the aws secret and access keys as properties at startup.

When running on an EC2 instance its recommended to use the role provided by the EC2 instance using their provided roles that use temporary credentials https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html . `AWSCredentialsProvider` from the aws java sdk abstracts that in a friendly way.

It would be great if we could provide an instance of `AWSCredentialsProvider` to hibernate search at startup so that it can use that for signing the elastic search requests.

Environment

None

Activity

Show:
Yoann Rodière
April 5, 2019, 6:21 AM

Thanks for the heads-up. I believe there was a reason for us not to use the AWS Java SDK in the first place, so I will have to check that again. But worst case we may be able to provide an abstraction that allows you to plug in an AWSCredentialsProvider.

Planning this for 6.0... optimistically.

Vitalii
May 20, 2020, 10:48 AM

Any updates on it?
This feature is very important from AWS security & compliance point of view.

Yoann Rodière
May 20, 2020, 11:15 AM

Nothing new here, no.

If you're interested and you need it urgently, you can have a look at converting the hibernate-search-backend-elasticsearch-aws module to use the official AWS SDK instead of the current (minimal) library. The code is here: https://github.com/hibernate/hibernate-search/tree/master/backend/elasticsearch-aws and the contribution guide is here: https://github.com/hibernate/hibernate-search/blob/master/CONTRIBUTING.md .

Then, you'll probably be able to add new ways to provide credentials. I believe the AWS SDK supports various solutions, including environment variables.

Assignee

Yoann Rodière

Reporter

Simon DeMartini

Labels

None

Suitable for new contributors

None

Feedback Requested

None

Fix versions

Affects versions

Priority

Minor
Configure