Comments (10)
@ojundt version 1.1 has IRSA included, can you give it a try?
@codyja I'm using aws-sdk-go v1.30.4 which I think has the support, however, I will update the sdk and release a new version this week.
from aws-es-proxy.
Just saw #61 which would need to be merged first!
from aws-es-proxy.
This has been fixed in the new commit to master today. I will soon release a new docker image containing the latest code.
from aws-es-proxy.
Will have a look and update the docker image.
from aws-es-proxy.
Thanks! Since you are on it, would you consider merging #40 as well? We are using using aws-es-proxy
via the fluentd-elasticsearch helm chart on EKS, and had to end up using a custom image with both #61 and #40 applied. The latter was to actually see some errors when the IAM role was misconfigured! 😄
from aws-es-proxy.
Having IRSA support would be great! Any news on integrating that feature?
from aws-es-proxy.
Would like to give this a try with the later aws-sdk-go
version that supports IAM on EKS. Thanks!
from aws-es-proxy.
@abutaha version 1.1 with IRSA works like a charm. Thank you!
from aws-es-proxy.
Hi @ojundt , could you help me understand how to run aws-es-proxy in order to get it working with IRSA? I'm struggling a bit to make it run. Are you deploying aws-es-proxy through a YAML manifest via kubectl? Are you using a chart? What parameters do you pass to either of those to make it work? Thanks!
from aws-es-proxy.
In case it helps somebody else I managed to get it working on AWS EKS by providing the following environment variables to the aws-es-proxy pod:
- AWS_ROLE_ARN => arn:aws:iam::[ACCOUNT_ID]:role/[ROLE_NAME]
- AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
The service account needs to be annotated with eks.amazonaws.com/role-arn
so that EKS creates the token in the file specified above.
Also, you are providing a role ARN which belongs to an actual role, such role needs to be granted access to AWS ES through a policy in order for this to work.
from aws-es-proxy.
Related Issues (20)
- Feature request: endpoint IP and port config
- Allowing securitytenant header HOT 2
- Received 403 from AWSAuth, invalidating credentials for retrial... /_bulk?timeout=1m; ; 403; 0.210s HOT 3
- Missing osd-version, osd-xsrf passthrough in headers HOT 10
- Got 404 error when try to access Notebooks by http://opensearch.aws.com/_plugin/kibana/app/opendistro-notebooks-kibana#/
- API request to Kibana not including osd-xsrf header HOT 1
- 4 CRITICAL, 29 HIGH, 13 MEDIUM, 3 LOW, 5 UNKNOWN CVEs on latest image HOT 2
- `go.sum` is missing HOT 2
- AOSS gw-helper-deny HOT 1
- We are having performance issue in Elasticsearch/Kibana after migrating to another server host. HOT 4
- Log JWT token in headers returned from AWS Cognito HOT 1
- Method for terminating the proxy remotely
- Getting net/http: TLS handshake timeout while accessing AWS managed Elasticsearch service HOT 1
- Using aws-es-proxy in conjunction with elasticdump HOT 2
- Certificate validation fails for CNAME record HOT 1
- AWS ES Custom Endpoint does not work with AWS SignV4
- New release, update Docker container? HOT 7
- aws-es-proxy works in HTTPS?
- 400 status when _plugin/kibana/api/v1/multitenancy/tenant HOT 1
- CORS preflight requests fail if basic auth is in use on the proxy HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-es-proxy.