OpenSearch supports multiple authentication types. The simplest is basic authentication, but IAM authentication can also be used. To use IAM authentication, requests must be signed with a SigV4 (AWS Signature Version 4) authentication header.
The following repository demonstrates how to map an IAM user to an OpenSearch role, and then how to use the IAM user to make requests to the OpenSearch domain.
Follow the instructions below to walk through an example:
- Run the CloudFormation stack below
The resources created by the CloudFormation stack are documented in the architecture below
- Navigate to the opensearch-user on the IAM console and create an access key
- Create an AWS CLI profile to store the access key ID and secret access key:
  aws configure --profile os-profile
- Log into the OpenSearch dashboard and map the ARN of the IAM user to an OpenSearch role
- Update and run the Python script. There are two Python scripts you can run. Both do the same thing but use different Python libraries. The opensearchpy_Sigv4.py script uses the opensearch-py Python library to make requests. The requests_Sigv4.py script uses the more generic requests library to make requests to OpenSearch.
  - Update the host and region variables in the opensearchpy_Sigv4.py script.
  - Update the host, path and region variables in the requests_Sigv4.py script.
  - Then save and run the script(s).