Laravel Scout config AWS elasticSearch service

2
votes

Having some issues configuring scout with my AWS ES,

here is my scout.php config :

'elasticsearch' => [
        'index' => 'yyy',

        'config' => [
            'hosts' => [
                [
                    'host' => search-yyy.eu-west-1.es.amazonaws.com,
                    'port' => 80,
                    'scheme' => 'https',
                    'user' => 'myIAM-UserName',
                    'pass' => 'myIAM-secret',
                ],
            ],
        ],
    ],

And i configured my ES access policy like this :

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::XXX:user/myIAM-user",
          "arn:aws:iam::XXX:root"
        ]
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-west-1:XXX:domain/yyy/*"
    }
  ]
}

It looks like i can't connect (i'm getting the following error) :

No alive nodes found in your cluster

Anyone who made this work could help me ?

1
laravelamazon-web-serviceselasticsearchlaravel-5
I think Elasticsearch on AWS works on port 80 instead of 9200. I guess changing this param in config should help.Skysplit
indeed, but still the same error, and when i try with http instead of https, i'm getting : Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter...r.flipo
Are you able to access it via browser (either http or https)?Skysplit
no, because i restricted the access to my root & IAM user (it works without, but i don't want anyone to access my ES)r.flipo
I'm not very familliar with AWS, but I think unless you can access it via browser, your elasticsearch instance won't be available to your Laravel Scout. If you can access website and it HTTP Basic Auth window will prompt, then it's okay.Skysplit

1 Answers

5
votes

As mentioned here if you want to use IAM credentials with your ES index you will need to sign the requests with AWS Signature Version 4. Fortunately there is already a package that can handle this for you with the elasticsearch/elasticsearch package Scout uses.

So all you need to do is make a new engine that extends ElasticsearchEngine and loads in the handler. Example here: https://gist.github.com/threesquared/65f90c5dda7f6a6fd1afbb6b5089b4ec

Then in your app provider add a custom engine like this:

resolve(EngineManager::class)->extend('signed-elasticsearch', function () {
  return new SignedElasticsearchEngine;
});

Then set scout to use the new driver:

'driver' => 'signed-elasticsearch'