Skip to content

Instantly share code, notes, and snippets.

@hassaku63

hassaku63/send-get-request-to-opensearch-using-curl-with-sigv4.sh

Last active March 22, 2024 20:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save hassaku63/e3ed3cac288d429563cdddf1768613d6 to your computer and use it in GitHub Desktop.
Save hassaku63/e3ed3cac288d429563cdddf1768613d6 to your computer and use it in GitHub Desktop.
Download ZIP
Send GET request to OpenSearch Domain using curl with sig4 signature
Raw
send-get-request-to-opensearch-using-curl-with-sigv4.sh
aws_region='ap-northeast-1'
endpoint="https://DOMAIN_NAME.${aws_region}.es.amazonaws.com/"
AWS_ACCESS_KEY_ID='foo'
AWS_SECRET_ACCESS_KEY='bar'
curl $endpoint --verbose --aws-sigv4 "aws:amz:${aws_region}:es" --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}"
@hassaku63
Copy link
Author

hassaku63 commented Mar 21, 2022
edited

it assumes opensearch domain created with "public access".

open search domain needs to be atttached appropriate domain policy (resource based).

the principal that perform http request to opensearch (e.g iam user) needs has appropriate permission.

example domain policy shown as below.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::012345678901:user/opensearch-user"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:<region>:012345678901:domain/my-domain-name/*"
    }
  ]
}

@danwashusen
Copy link

Small ansible module to send signed requests: https://gist.github.com/danwashusen/52130c8568d6809d4d40e39918bcfec4

@deepakgandla
Copy link

How do I use curl to send a GET request to an OpenSearch domain with sigv4 signature, utilising IAM roles?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment