AWS ES proxy

proxy.js

var AWS = require('aws-sdk');
var http = require('http');
var httpProxy = require('http-proxy');
var express = require('express');
var bodyParser = require('body-parser');
var stream = require('stream');

if (process.argv.length != 3) {
    console.error('usage: aws-es-proxy <my-cluster-endpoint>');
    process.exit(1);
}
var ENDPOINT = process.argv[2];
var m = ENDPOINT.match(/\.([^.]+)\.es\.amazonaws\.com\.?$/);
if (!m) {
    console.error('region cannot be parsed from endpoint address, must end in .<region>.es.amazonaws.com');
    process.exit(1);
}
var REGION = m[1];
var TARGET = 'https://' + process.argv[2];
var PORT = 9200;
var BIND_ADDRESS = '127.0.0.1';

var creds;
var chain = new AWS.CredentialProviderChain();
chain.resolve(function (err, resolved) {
    if (err) throw err;
    else creds = resolved;
});

function getcreds(req, res, next) {
    return creds.get(function (err) {
        if (err) return next(err);
        else return next();
    });
}
var proxy = httpProxy.createProxyServer({
    target: TARGET,
    changeOrigin: true,
    secure: true
});

var app = express();
app.use(bodyParser.raw({type: '*/*'}));
app.use(getcreds);
app.use(function (req, res) {
    var bufferStream;
    if (Buffer.isBuffer(req.body)) {
        var bufferStream = new stream.PassThrough();
        bufferStream.end(req.body);
    }
    proxy.web(req, res, {buffer: bufferStream});
});

proxy.on('proxyReq', function (proxyReq, req, res, options) {
    var endpoint = new AWS.Endpoint(ENDPOINT);
    var request = new AWS.HttpRequest(endpoint);
    request.method = proxyReq.method;
    request.path = proxyReq.path;
    request.region = REGION;
    if (Buffer.isBuffer(req.body)) request.body = req.body;
    if (!request.headers) request.headers = {};
    request.headers['presigned-expires'] = false;
    request.headers['Host'] = ENDPOINT;
    
    var signer = new AWS.Signers.V4(request, 'es');
    signer.addAuthorization(creds, new Date());

    proxyReq.setHeader('Host', request.headers['Host']);
    proxyReq.setHeader('X-Amz-Date', request.headers['X-Amz-Date']);
    proxyReq.setHeader('Authorization', request.headers['Authorization']);
    if (request.headers['x-amz-security-token']) proxyReq.setHeader('x-amz-security-token', request.headers['x-amz-security-token']);
});

http.createServer(app).listen(PORT, BIND_ADDRESS);
console.log('listening at ' + BIND_ADDRESS + ':' + PORT);

@nakedible-p Would you be interested in making it an npm? I'd be happy to setup the project and give you full access. I just want to get this out there for others to use as easily as possible. I've heard from AWS there is a solution coming in the near future to alleviate the need for this, but as of right now this is by far the best solution I've found. Kudos sir!

I wish I had this two months ago, thanks so much! AWS should put it in their docs!

Added an npm module for this aws-es-kibana. Thanks @nakedible-p

getting below error fluentd + proxy. however simple curl (localhost:9200) works fine.

error_class="Elasticsearch::Transport::Transport::Errors::Forbidden" error="[403] {"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/_bulk\n\nhost:search-elastic-search-fx2ecksqldt5uoljqaawt655fa.us-east-1.es.amazonaws.com\nx-amz-date:20160420T093625Z\n\nhost;x-amz-date\n98a6e169f9136854c5dd591dcd23a606cd70311ca643bcde483c87dbad18ff2f'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20160420T093625Z\n20160420/us-east-1/es/aws4_request\n0cb3e76bfed7f8b25715e4ab35cead39054dface473512275c6f832d2ea11b8a'\n"}"

+1 you save my day
I use supervisor to control this, configure with AWS variables
Thanks

+1, this works brilliantly!

Excellent, thank you!

Will this work with IAM Roles ? am little skeptical about using access key and secret access key.