Django-Haystack using Amazon Elasticsearch hosting with IAM credentials Django-Haystack using Amazon Elasticsearch hosting with IAM credentials elasticsearch elasticsearch

Django-Haystack using Amazon Elasticsearch hosting with IAM credentials


django amazon-web-services heroku elasticsearch django-haystack

You are one step from success, add connection_class to KWARGS and everything should work as expected.

import elasticsearchHAYSTACK_CONNECTIONS = {    'default': {        'ENGINE': 'haystack.backends.elasticsearch_backend.ElasticsearchSearchEngine',        'URL': [AWSHOST],        'INDEX_NAME': 'haystack',        'KWARGS': {            'port': 443,            'http_auth': awsauth,            'use_ssl': True,            'verify_certs': True,            'connection_class': elasticsearch.RequestsHttpConnection,        }    },}

django amazon-web-services heroku elasticsearch django-haystack

AWS Identity and Access Management (IAM) allows you to manage users and user permissions for AWS services, to control which AWS resources users of AWS itself can access.

You cannot use IAM credentials to authorize users at the application level via http_auth, as it appears you are trying to do via Haystack here. They are different authentication schemes for different services. They are not compatible.

In your security use case, you have stated the need to 1) restrict access to your application, and 2) to secure the Elasticsearch service port from open access. These two requirements can be met using the following methods:

Restrict access to your application

I also don't want to expose this search to those who don't have a log in

For the front-end search app, you want to use a server level Basic access authentication (HTTP auth) configuration on the web server. This is where you want to control user login access to your app, via a standard http_auth username and password (again, not IAM). This will secure your app at the application level.

Secure the Elasticsearch service port

don't want to rely on security through obscurity or some IP restriction tactic (unless it would work well with an existing heroku app, where the Django app is deployed).

IP restriction is exactly what would work here, and consistent with AWS security best practices. You want to use security groups and security group rules as a firewall to control traffic for your EC2 instances.

Given a Haystack configuration of:

HAYSTACK_CONNECTIONS = {    'default': {        'ENGINE': 'haystack.backends.elasticsearch_backend.ElasticsearchSearchEngine',        'URL': 'http://127.0.0.1:9200/',        'INDEX_NAME': 'haystack',    },}

you will want to implement an IP restriction at the security group and/or ACL level on that IP and port 127.0.0.1, to restrict access from only your Django host or other authorize hosts. This will secure it from any unauthorized access at the service level.

In your implementation, the URL will likely resolve to a public or private IP, depending on your network architecture.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last