Eric Citaire Eric Citaire - 1 month ago 24
Java Question

Signing AWS HTTP requests with Apache HttpComponents Client

I'm trying to make HTTP requests to an AWS Elasticsearch domain protected by an IAM access policy. I need to sign these requests for them to be authorized by AWS.
I'm using Jest, which in turn use Apache HttpComponents Client.

This seems to be a common use case and I was wondering if there is out there some kind of library which I can use on top of Apache HttpComponents Client to sign all the requests.

Answer

I think I found it! :)

This project seems to do exactly what I want : aws-signing-request-interceptor, described as "Request Interceptor for Apache Client that signs the request for AWS. Originally created to support AWS' Elasticsearch Service using the Jest client.".

Edit : I forked the project to fit my needs (Java 7, temporary STS credentials), and it works nicely.

Here is an example of usage (here without STS temporary credentials):

DefaultAWSCredentialsProviderChain awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
final AWSSigner awsSigner = new AWSSigner(awsCredentialsProvider, "us-east-1", "es", () -> new LocalDateTime(DateTimeZone.UTC));

JestClientFactory factory = new JestClientFactory() {
    @Override
    protected HttpClientBuilder configureHttpClient(HttpClientBuilder builder) {
        builder.addInterceptorLast(new AWSSigningRequestInterceptor(awsSigner));
        return builder;
    }
};
factory.setHttpClientConfig(new HttpClientConfig.Builder(url)
        .multiThreaded(true)
        .build());
JestClient client = factory.getObject();
Comments