<![CDATA[Do you support sig4 auth headers for AWS Elasticsearch?]]>Does FusionAuth support sig4 auth headers for an aws hosted elasticsearch domain?

]]>https://fusionauth.io/community/forum/topic/141/do-you-support-sig4-auth-headers-for-aws-elasticsearchRSS for NodeSun, 17 May 2026 20:53:24 GMTWed, 03 Jun 2020 16:20:21 GMT60<![CDATA[Reply to Do you support sig4 auth headers for AWS Elasticsearch? on Wed, 03 Jun 2020 16:25:20 GMT]]>If you are using https://aws.amazon.com/elasticsearch-service/ for your Elasticsearch server, you can access it via AWS APIs and use IAM to control access: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html

However, FusionAuth doesn't currently support the AWS signature for Elasticsearch requests.

The recommended way of securing such clusters is to place it in a private subnet and restricting traffic to it using a security group. More information: https://fusionauth.io/docs/v1/tech/installation-guide/securing#fusionauth-search

If you have to make it public to make it accessible to resources outside if AWS you could use a source IP lock, a VPN, basic auth if AWS supports it, or you could proxy the request perhaps to another endpoint that can build the AWS sig v4 header.

]]>https://fusionauth.io/community/forum/post/330https://fusionauth.io/community/forum/post/330Wed, 03 Jun 2020 16:25:20 GMT