aws

http://status.aws.amazon.com/ https://www.expeditedssl.com/aws-in-plain-english
orestis 2020-10-19T07:24:09.043600Z

Follow up on my ES questions: It turns out that when using AWS-hosted ES, you have the ability to use IAM RBAC, so you need to sign outgoing http requests. Now, Cognitect’s aws-api provides a credential provider: credentials-provider which I can use call fetch on and it will give me the needed credentials. I found https://github.com/zarkone/aws-sig4 which seems to be providing both the building blocks and a clj-http middleware, but I’d prefer if I could reuse the cognitect aws-api for that too and provide my own wrapper for clj-http. It seems to be a common request for other reasons: https://github.com/cognitect-labs/aws-api/issues/5 — so, (deep breath) — any news or input on that?

viesti 2020-10-19T11:58:35.044900Z

interesting, wasn't aware of that fork from org.sharetribe/aws-sig4 (which I've used before and has worked well)

lukasz 2020-10-19T15:13:06.045800Z

@orestis I tried to make it work but gave up :-) instead we run the ES cluster in a special subnet with no ingress/egress outside of the VPC + security group rules

orestis 2020-10-19T17:42:44.046600Z

It’s my fallback :) but at least I would like some username and password going on :)