I am building a golang RESTful API and trying to access ES using signed requests. I have followed documentation on AWS the documentation of the Golang AWS elastic search client package I am using (olivere/elastic)
Following golang code is used to create a new client
signer := v4.NewSigner(credentials.NewStaticCredentials("IAM_USER_ID", "IAM_USER_SECRET", ""))
awsClient, err := aws_signing_client.New(signer, nil, "es", "us-east-1")
if err != nil {
return nil, err
}
return elastic.NewClient(
elastic.SetURL("https://my-aws-endpoint.us-east-1.es.amazonaws.com"),
elastic.SetScheme("https"),
elastic.SetHttpClient(awsClient),
elastic.SetSniff(false), // See note below
)
In ElasticSearch AWS console, I have modified an access policy like that:
Seems I am able to discover the ES node, but when I try to execute a query, ES return http status 403 – don't have permission.
I also have tried to grant IAM user with the AmazonESFullAccess policy but seems it doesn't have any effect.