http.awses Plugin
Caddy plugin for signing and proxying requests to AWS Elasticsearch (AWS ES). Configuring access to an AWS ES domain can be tricky. The access policy of an AWS ES domain is based on a principal (which necessitates a signed request) or an IP address whitelist. Whitelisting IP addresses often isn't a viable option and standard tools (such as curl or a browser) can't properly sign requests. This is exactly the problem this plugin aims to address. Standard tools can make unauthenticated requests to the Caddy server which are then signed and proxied to the AWS ES service.
Examples
awses
Proxies requests to any region and AWS Elasticsearch domain in the form: /<region>/<domain>/<destination>
awses {
region us-west-2
}
Proxies requests to any AWS Elasticsearch domain in a specific region (us-west-2) in the form: /<domain>/<destination>
awses {
domain es-logs
}
Proxies requests to any region for a specific AWS Elasticsearch domain (es-logs) in the form: /<region>/<destination>
awses /docs/ {
region us-east-1
domain the-docs
}
awses /logs/ {
domain es-logs
}
awses /other-account/logs/ {
domain es-logs
role arn:aws:iam::123456789012:role/elasticsearch-logs-us-east-2
}
Proxies requests to a specific domain (the-docs) and region (us-east-1) with a prefix (/docs/) in the form: /docs/<destination> Also proxies requests to any region for a specific AWS Elasticsearch domain (es-logs) in the form: /logs/<region>/<destination> Also proxies requests to any region for a specific AWS Elasticsearch domain (es-logs) in another account (access through the role) in the form: /other-account/logs/<region>/<destination>
Access the full documentation for this plugin off-site:
DocsGet help from the maintainers of the http.awses plugin:
SupportVisit http.awses's website for more information:
Website