A tiny Amazon Signature Version 4 connection class for the official Opensearch Node.js client, for compatibility with AWS OpenSearch and IAM authentication.
Supports AWS SDK global or specific configuration instances (AWS.Config), including asyncronous credentials from IAM roles and credential refreshing.
npm install --save aws-opensearch-connector
const { Client } = require('@opensearch-project/opensearch');
const AWS = require('aws-sdk');
const createAwsOpensearchConnector = require('aws-opensearch-connector');
// (Optional) load profile credentials from file
AWS.config.update({
profile: 'my-profile',
});
const client = new Client({
...createAwsOpensearchConnector(AWS.config),
node: 'https://my-opensearch-cluster.us-east-1.es.amazonaws.com',
});
const { Client } = require('@opensearch-project/opensearch');
const AWS = require('aws-sdk');
const createAwsOpensearchConnector = require('aws-opensearch-connector');
const awsConfig = new AWS.Config({
// Your credentials and settings here, see
// https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#constructor-property
});
const client = new Client({
...createAwsOpensearchConnector(awsConfig),
node: 'https://my-opensearch-cluster.us-east-1.es.amazonaws.com',
});
const { STSClient, AssumeRoleCommand } = require('@aws-sdk/client-sts');
const { Client } = require('@opensearch-project/opensearch');
const createAwsOpensearchConnector = require('./src/index.js');
async function ping() {
const creds = await assumeRole(
'arn:aws:iam::0123456789012:role/Administrator',
'us-east-1'
);
const client = new Client({
...createAwsOpensearchConnector({
region: 'us-east-1',
credentials: creds,
}),
node: 'https://my-opensearch-cluster.us-east-1.es.amazonaws.com',
});
const response = await client.ping();
console.log(`Got Response`, response);
}
async function assumeRole(roleArn, region) {
const client = new STSClient({ region });
const response = await client.send(
new AssumeRoleCommand({
RoleArn: roleArn,
RoleSessionName: 'aws-es-connection',
})
);
return {
accessKeyId: response.Credentials.AccessKeyId,
secretAccessKey: response.Credentials.SecretAccessKey,
sessionToken: response.Credentials.SessionToken,
};
}
const { fromEnv } = require('@aws-sdk/credential-providers');
const { Client } = require('@opensearch-project/opensearch');
const createAwsOpensearchConnector = require('./src/index.js');
async function ping() {
const client = new Client({
...createAwsOpensearchConnector({
region: 'us-east-1',
credentials: await fromEnv()(),
}),
node: 'https://my-opensearch-cluster.us-east-1.es.amazonaws.com',
});
const response = await client.ping();
console.log(`Got Response`, response);
}
npm test
# Run integration tests against a real endpoint
AWS_SDK_LOAD_CONFIG=true AWS_PROFILE=your-profile npm run test:integration -- \
--endpoint https://my-opensearch-cluster.us-east-1.es.amazonaws.com
# Run integration tests against a real endpoint using assume role
AWS_SDK_LOAD_CONFIG=true AWS_PROFILE=your-profile npm run test:integration -- \
--endpoint https://my-opensearch-cluster.us-east-1.es.amazonaws.com \
--role arn:aws:iam::123456789:role/OpenSearchAccessRole