Last active
March 14, 2025 13:43
-
-
Save hassaku63/e3ed3cac288d429563cdddf1768613d6 to your computer and use it in GitHub Desktop.
Send GET request to OpenSearch Domain using curl with sig4 signature
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws_region='ap-northeast-1' | |
| endpoint="https://DOMAIN_NAME.${aws_region}.es.amazonaws.com/" | |
| AWS_ACCESS_KEY_ID='foo' | |
| AWS_SECRET_ACCESS_KEY='bar' | |
| curl $endpoint --verbose --aws-sigv4 "aws:amz:${aws_region}:es" --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" |
Small ansible module to send signed requests: https://gist.github.com/danwashusen/52130c8568d6809d4d40e39918bcfec4
How do I use curl to send a GET request to an OpenSearch domain with sigv4 signature, utilising IAM roles?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
it assumes opensearch domain created with "public access".
open search domain needs to be atttached appropriate domain policy (resource based).
the principal that perform http request to opensearch (e.g iam user) needs has appropriate permission.
example domain policy shown as below.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::012345678901:user/opensearch-user" }, "Action": "es:*", "Resource": "arn:aws:es:<region>:012345678901:domain/my-domain-name/*" } ] }