Getting started with AWS
editGetting started with AWS
editThe plugin will default to using
IAM Role
credentials for authentication. These can be overridden by, in increasing
order of precedence, system properties aws.accessKeyId and aws.secretKey,
environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_KEY, or the
elasticsearch config using cloud.aws.access_key and cloud.aws.secret_key:
cloud:
aws:
access_key: AKVAIQBF2RECL7FJWGJQ
secret_key: vExyMThREXeRMm/b/LRzEB8jWwvzQeXgjqMX+6br
Transport security
editBy default this plugin uses HTTPS for all API calls to AWS endpoints. If you wish to configure HTTP you can set
cloud.aws.protocol in the elasticsearch config. You can optionally override this setting per individual service
via: cloud.aws.ec2.protocol or cloud.aws.s3.protocol.
cloud:
aws:
protocol: https
s3:
protocol: http
ec2:
protocol: https
In addition, a proxy can be configured with the proxy_host and proxy_port settings (note that protocol can be
http or https):
cloud:
aws:
protocol: https
proxy_host: proxy1.company.com
proxy_port: 8083
You can also set different proxies for ec2 and s3:
cloud:
aws:
s3:
proxy_host: proxy1.company.com
proxy_port: 8083
ec2:
proxy_host: proxy2.company.com
proxy_port: 8083
Region
editThe cloud.aws.region can be set to a region and will automatically use the relevant settings for both ec2 and s3.
The available values are:
-
us-east(us-east-1) -
us-west(us-west-1) -
us-west-1 -
us-west-2 -
ap-southeast(ap-southeast-1) -
ap-southeast-1 -
ap-southeast-2 -
ap-northeast(ap-northeast-1) -
eu-west(eu-west-1) -
eu-central(eu-central-1) -
sa-east(sa-east-1) -
cn-north(cn-north-1)
EC2/S3 Signer API
editIf you are using a compatible EC2 or S3 service, they might be using an older API to sign the requests.
You can set your compatible signer API using cloud.aws.signer (or cloud.aws.ec2.signer and cloud.aws.s3.signer)
with the right signer to use. Defaults to AWS4SignerType.