Skip to content

Instantly share code, notes, and snippets.

@nakedible-p
Created October 19, 2015 19:55
Show Gist options
  • Save nakedible-p/ad95dfb1c16e75af1ad5 to your computer and use it in GitHub Desktop.
Save nakedible-p/ad95dfb1c16e75af1ad5 to your computer and use it in GitHub Desktop.
AWS ES proxy
var AWS = require('aws-sdk');
var http = require('http');
var httpProxy = require('http-proxy');
var express = require('express');
var bodyParser = require('body-parser');
var stream = require('stream');
if (process.argv.length != 3) {
console.error('usage: aws-es-proxy <my-cluster-endpoint>');
process.exit(1);
}
var ENDPOINT = process.argv[2];
var m = ENDPOINT.match(/\.([^.]+)\.es\.amazonaws\.com\.?$/);
if (!m) {
console.error('region cannot be parsed from endpoint address, must end in .<region>.es.amazonaws.com');
process.exit(1);
}
var REGION = m[1];
var TARGET = 'https://' + process.argv[2];
var PORT = 9200;
var BIND_ADDRESS = '127.0.0.1';
var creds;
var chain = new AWS.CredentialProviderChain();
chain.resolve(function (err, resolved) {
if (err) throw err;
else creds = resolved;
});
function getcreds(req, res, next) {
return creds.get(function (err) {
if (err) return next(err);
else return next();
});
}
var proxy = httpProxy.createProxyServer({
target: TARGET,
changeOrigin: true,
secure: true
});
var app = express();
app.use(bodyParser.raw({type: '*/*'}));
app.use(getcreds);
app.use(function (req, res) {
var bufferStream;
if (Buffer.isBuffer(req.body)) {
var bufferStream = new stream.PassThrough();
bufferStream.end(req.body);
}
proxy.web(req, res, {buffer: bufferStream});
});
proxy.on('proxyReq', function (proxyReq, req, res, options) {
var endpoint = new AWS.Endpoint(ENDPOINT);
var request = new AWS.HttpRequest(endpoint);
request.method = proxyReq.method;
request.path = proxyReq.path;
request.region = REGION;
if (Buffer.isBuffer(req.body)) request.body = req.body;
if (!request.headers) request.headers = {};
request.headers['presigned-expires'] = false;
request.headers['Host'] = ENDPOINT;
var signer = new AWS.Signers.V4(request, 'es');
signer.addAuthorization(creds, new Date());
proxyReq.setHeader('Host', request.headers['Host']);
proxyReq.setHeader('X-Amz-Date', request.headers['X-Amz-Date']);
proxyReq.setHeader('Authorization', request.headers['Authorization']);
if (request.headers['x-amz-security-token']) proxyReq.setHeader('x-amz-security-token', request.headers['x-amz-security-token']);
});
http.createServer(app).listen(PORT, BIND_ADDRESS);
console.log('listening at ' + BIND_ADDRESS + ':' + PORT);
@satheessh
Copy link

getting below error fluentd + proxy. however simple curl (localhost:9200) works fine.

error_class="Elasticsearch::Transport::Transport::Errors::Forbidden" error="[403] {"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/_bulk\n\nhost:search-elastic-search-fx2ecksqldt5uoljqaawt655fa.us-east-1.es.amazonaws.com\nx-amz-date:20160420T093625Z\n\nhost;x-amz-date\n98a6e169f9136854c5dd591dcd23a606cd70311ca643bcde483c87dbad18ff2f'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20160420T093625Z\n20160420/us-east-1/es/aws4_request\n0cb3e76bfed7f8b25715e4ab35cead39054dface473512275c6f832d2ea11b8a'\n"}"

@jindov
Copy link

jindov commented Aug 21, 2017

+1 you save my day
I use supervisor to control this, configure with AWS variables
Thanks

@nicokruger
Copy link

+1, this works brilliantly!

@joonaskaskisola
Copy link

Excellent, thank you!

@arunjadhav16
Copy link

Will this work with IAM Roles ? am little skeptical about using access key and secret access key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment