Using ES_AWS_FOOBAR under Lambda
#13
Comments
|
/cc @andygnewman |
|
+1 to this. I'm trying to migrate a project that leverages n-es-client to start using Vault and it's become a very non-trivial process. Working on a PR... |
|
For reference here is a signed fetch implementation used in a Lambda (but still using env vars) https://github.com/Financial-Times/n-concept-bump/blob/master/lib/signed-fetch.js |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If you use this client within Lambda (or any AWS service with a role), you'll find a collision between the role's session token and the Elasticsearch credential's ID and secret.
In signed-fetch, it'll take the ID and secret from one set of credentials, then also use the session token for the role, a different credential. AWS then complains.
I'd suggest we move away from the signed-fetch dependency, implement it ourselves using
aws4in a more simple manner? Or... fix signed-fetch and just use the standard way of defining credentials (doing away withES_*).The text was updated successfully, but these errors were encountered: