Created
October 19, 2015 19:55
-
-
Save nakedible-p/ad95dfb1c16e75af1ad5 to your computer and use it in GitHub Desktop.
AWS ES proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var AWS = require('aws-sdk'); | |
var http = require('http'); | |
var httpProxy = require('http-proxy'); | |
var express = require('express'); | |
var bodyParser = require('body-parser'); | |
var stream = require('stream'); | |
if (process.argv.length != 3) { | |
console.error('usage: aws-es-proxy <my-cluster-endpoint>'); | |
process.exit(1); | |
} | |
var ENDPOINT = process.argv[2]; | |
var m = ENDPOINT.match(/\.([^.]+)\.es\.amazonaws\.com\.?$/); | |
if (!m) { | |
console.error('region cannot be parsed from endpoint address, must end in .<region>.es.amazonaws.com'); | |
process.exit(1); | |
} | |
var REGION = m[1]; | |
var TARGET = 'https://' + process.argv[2]; | |
var PORT = 9200; | |
var BIND_ADDRESS = '127.0.0.1'; | |
var creds; | |
var chain = new AWS.CredentialProviderChain(); | |
chain.resolve(function (err, resolved) { | |
if (err) throw err; | |
else creds = resolved; | |
}); | |
function getcreds(req, res, next) { | |
return creds.get(function (err) { | |
if (err) return next(err); | |
else return next(); | |
}); | |
} | |
var proxy = httpProxy.createProxyServer({ | |
target: TARGET, | |
changeOrigin: true, | |
secure: true | |
}); | |
var app = express(); | |
app.use(bodyParser.raw({type: '*/*'})); | |
app.use(getcreds); | |
app.use(function (req, res) { | |
var bufferStream; | |
if (Buffer.isBuffer(req.body)) { | |
var bufferStream = new stream.PassThrough(); | |
bufferStream.end(req.body); | |
} | |
proxy.web(req, res, {buffer: bufferStream}); | |
}); | |
proxy.on('proxyReq', function (proxyReq, req, res, options) { | |
var endpoint = new AWS.Endpoint(ENDPOINT); | |
var request = new AWS.HttpRequest(endpoint); | |
request.method = proxyReq.method; | |
request.path = proxyReq.path; | |
request.region = REGION; | |
if (Buffer.isBuffer(req.body)) request.body = req.body; | |
if (!request.headers) request.headers = {}; | |
request.headers['presigned-expires'] = false; | |
request.headers['Host'] = ENDPOINT; | |
var signer = new AWS.Signers.V4(request, 'es'); | |
signer.addAuthorization(creds, new Date()); | |
proxyReq.setHeader('Host', request.headers['Host']); | |
proxyReq.setHeader('X-Amz-Date', request.headers['X-Amz-Date']); | |
proxyReq.setHeader('Authorization', request.headers['Authorization']); | |
if (request.headers['x-amz-security-token']) proxyReq.setHeader('x-amz-security-token', request.headers['x-amz-security-token']); | |
}); | |
http.createServer(app).listen(PORT, BIND_ADDRESS); | |
console.log('listening at ' + BIND_ADDRESS + ':' + PORT); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Will this work with IAM Roles ? am little skeptical about using access key and secret access key.