Getting started with AWS
editGetting started with AWS
editThe plugin will default to using
IAM Role
credentials for authentication. These can be overridden by, in increasing
order of precedence, system properties aws.accessKeyId
and aws.secretKey
,
environment variables AWS_ACCESS_KEY_ID
and AWS_SECRET_KEY
, or the
elasticsearch config using cloud.aws.access_key
and cloud.aws.secret_key
:
cloud: aws: access_key: AKVAIQBF2RECL7FJWGJQ secret_key: vExyMThREXeRMm/b/LRzEB8jWwvzQeXgjqMX+6br
Transport security
editBy default this plugin uses HTTPS for all API calls to AWS endpoints. If you wish to configure HTTP you can set
cloud.aws.protocol
in the elasticsearch config. You can optionally override this setting per individual service
via: cloud.aws.ec2.protocol
or cloud.aws.s3.protocol
.
cloud: aws: protocol: https s3: protocol: http ec2: protocol: https
In addition, a proxy can be configured with the proxy.host
, proxy.port
, proxy.username
and proxy.password
settings
(note that protocol can be http
or https
):
cloud: aws: protocol: https proxy: host: proxy1.company.com port: 8083 username: myself password: theBestPasswordEver!
You can also set different proxies for ec2
and s3
:
cloud: aws: s3: proxy: host: proxy1.company.com port: 8083 username: myself1 password: theBestPasswordEver1! ec2: proxy: host: proxy2.company.com port: 8083 username: myself2 password: theBestPasswordEver2!
Region
editThe cloud.aws.region
can be set to a region and will automatically use the relevant settings for both ec2
and s3
.
The available values are:
-
us-east
(us-east-1
) -
us-west
(us-west-1
) -
us-west-1
-
us-west-2
-
ap-southeast
(ap-southeast-1
) -
ap-southeast-1
-
ap-southeast-2
-
ap-northeast
(ap-northeast-1
) -
ap-northeast-2
(ap-northeast-2
) -
eu-west
(eu-west-1
) -
eu-central
(eu-central-1
) -
sa-east
(sa-east-1
) -
cn-north
(cn-north-1
)
EC2/S3 Signer API
editIf you are using a compatible EC2 or S3 service, they might be using an older API to sign the requests.
You can set your compatible signer API using cloud.aws.signer
(or cloud.aws.ec2.signer
and cloud.aws.s3.signer
)
with the right signer to use.
If you are using a compatible S3 service which do not support Version 4 signing process, you may need to use
S3SignerType
for cloud.aws.s3.signer
, which is Signature Version 2.