Getting started with AWS
editGetting started with AWS
editThe plugin will default to using
IAM Role
credentials for authentication. These can be overridden by, in increasing
order of precedence, system properties aws.accessKeyId
and aws.secretKey
,
environment variables AWS_ACCESS_KEY_ID
and AWS_SECRET_KEY
, or the
elasticsearch config using cloud.aws.access_key
and cloud.aws.secret_key
:
cloud: aws: access_key: AKVAIQBF2RECL7FJWGJQ secret_key: vExyMThREXeRMm/b/LRzEB8jWwvzQeXgjqMX+6br
Transport security
editBy default this plugin uses HTTPS for all API calls to AWS endpoints. If you wish to configure HTTP you can set
cloud.aws.protocol
in the elasticsearch config. You can optionally override this setting per individual service
via: cloud.aws.ec2.protocol
or cloud.aws.s3.protocol
.
cloud: aws: protocol: https s3: protocol: http ec2: protocol: https
In addition, a proxy can be configured with the proxy_host
and proxy_port
settings (note that protocol can be
http
or https
):
cloud: aws: protocol: https proxy_host: proxy1.company.com proxy_port: 8083
You can also set different proxies for ec2
and s3
:
cloud: aws: s3: proxy_host: proxy1.company.com proxy_port: 8083 ec2: proxy_host: proxy2.company.com proxy_port: 8083
Region
editThe cloud.aws.region
can be set to a region and will automatically use the relevant settings for both ec2
and s3
.
The available values are:
-
us-east
(us-east-1
) -
us-west
(us-west-1
) -
us-west-1
-
us-west-2
-
ap-southeast
(ap-southeast-1
) -
ap-southeast-1
-
ap-southeast-2
-
ap-northeast
(ap-northeast-1
) -
eu-west
(eu-west-1
) -
eu-central
(eu-central-1
) -
sa-east
(sa-east-1
) -
cn-north
(cn-north-1
)
EC2/S3 Signer API
editIf you are using a compatible EC2 or S3 service, they might be using an older API to sign the requests.
You can set your compatible signer API using cloud.aws.signer
(or cloud.aws.ec2.signer
and cloud.aws.s3.signer
)
with the right signer to use. Defaults to AWS4SignerType
.