Do you support sig4 auth headers for AWS Elasticsearch?
dan last edited by dan
Does FusionAuth support sig4 auth headers for an aws hosted elasticsearch domain?
dan last edited by
If you are using https://aws.amazon.com/elasticsearch-service/ for your Elasticsearch server, you can access it via AWS APIs and use IAM to control access: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-ac.html
However, FusionAuth doesn't currently support the AWS signature for Elasticsearch requests.
The recommended way of securing such clusters is to place it in a private subnet and restricting traffic to it using a security group. More information: https://fusionauth.io/docs/v1/tech/installation-guide/securing#fusionauth-search
If you have to make it public to make it accessible to resources outside if AWS you could use a source IP lock, a VPN, basic auth if AWS supports it, or you could proxy the request perhaps to another endpoint that can build the AWS sig v4 header.