requests-with-awssigv4.py

# Talk to an AWS IAM protected ElasticSearch cluster
# Since its pretty hard to resort for this kind of stuff to curl (or extentions on it) we use Python
# Also, since its bothersome to check for the correct credentials place (disk, env, metadata endpoint, containerdata endpoint)
# its better to just peel out SigV4Auth from botocore.auth
# pip3 install boto3 requests
import boto3
from botocore.auth import SigV4Auth
from botocore.awsrequest import AWSRequest
import requests, sys


session = boto3.Session()
credentials = session.get_credentials()
creds = credentials.get_frozen_credentials()

def signed_request(method, url, data, params=None, headers=None):
    request = AWSRequest(method=method, url=url, data=data, params=params, headers=headers)
    SigV4Auth(creds, "es", 'eu-central-1').add_auth(request)
    return requests.request(method=method, url=url, headers=dict(request.headers), data=data)

def main():
    url = sys.argv[1]
    headers = {'Content-Type': 'application/json'}
    data=None
    if len(sys.argv) > 3:
        data = sys.argv[3]
    response = signed_request(method=sys.argv[2], url=url, data=data, headers=headers)
    # print(response)
    print(response.text)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit({'Message:': 'Provide cmd args <url> <method> and optional <data>'})
    main()