Skip to content

Instantly share code, notes, and snippets.

@nakedible-p
Created October 19, 2015 19:55
Show Gist options
  • Save nakedible-p/ad95dfb1c16e75af1ad5 to your computer and use it in GitHub Desktop.
Save nakedible-p/ad95dfb1c16e75af1ad5 to your computer and use it in GitHub Desktop.
AWS ES proxy
var AWS = require('aws-sdk');
var http = require('http');
var httpProxy = require('http-proxy');
var express = require('express');
var bodyParser = require('body-parser');
var stream = require('stream');
if (process.argv.length != 3) {
console.error('usage: aws-es-proxy <my-cluster-endpoint>');
process.exit(1);
}
var ENDPOINT = process.argv[2];
var m = ENDPOINT.match(/\.([^.]+)\.es\.amazonaws\.com\.?$/);
if (!m) {
console.error('region cannot be parsed from endpoint address, must end in .<region>.es.amazonaws.com');
process.exit(1);
}
var REGION = m[1];
var TARGET = 'https://' + process.argv[2];
var PORT = 9200;
var BIND_ADDRESS = '127.0.0.1';
var creds;
var chain = new AWS.CredentialProviderChain();
chain.resolve(function (err, resolved) {
if (err) throw err;
else creds = resolved;
});
function getcreds(req, res, next) {
return creds.get(function (err) {
if (err) return next(err);
else return next();
});
}
var proxy = httpProxy.createProxyServer({
target: TARGET,
changeOrigin: true,
secure: true
});
var app = express();
app.use(bodyParser.raw({type: '*/*'}));
app.use(getcreds);
app.use(function (req, res) {
var bufferStream;
if (Buffer.isBuffer(req.body)) {
var bufferStream = new stream.PassThrough();
bufferStream.end(req.body);
}
proxy.web(req, res, {buffer: bufferStream});
});
proxy.on('proxyReq', function (proxyReq, req, res, options) {
var endpoint = new AWS.Endpoint(ENDPOINT);
var request = new AWS.HttpRequest(endpoint);
request.method = proxyReq.method;
request.path = proxyReq.path;
request.region = REGION;
if (Buffer.isBuffer(req.body)) request.body = req.body;
if (!request.headers) request.headers = {};
request.headers['presigned-expires'] = false;
request.headers['Host'] = ENDPOINT;
var signer = new AWS.Signers.V4(request, 'es');
signer.addAuthorization(creds, new Date());
proxyReq.setHeader('Host', request.headers['Host']);
proxyReq.setHeader('X-Amz-Date', request.headers['X-Amz-Date']);
proxyReq.setHeader('Authorization', request.headers['Authorization']);
if (request.headers['x-amz-security-token']) proxyReq.setHeader('x-amz-security-token', request.headers['x-amz-security-token']);
});
http.createServer(app).listen(PORT, BIND_ADDRESS);
console.log('listening at ' + BIND_ADDRESS + ':' + PORT);
@nicokruger
Copy link

+1, this works brilliantly!

@joonaskaskisola
Copy link

Excellent, thank you!

@arunjadhav16
Copy link

Will this work with IAM Roles ? am little skeptical about using access key and secret access key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment