
I'm building a mobile app that requires access to an AWS Elasticsearch (ES) cluster and would like to make sure only the app can make queries.

Assuming I'm not going to distribute AWS user credentials with my mobile application, what would be a secure way to allow read access to an AWS Elasticsearch cluster?

Reading this AWS post, I gathered that I can set up a reverse proxy to sign my requests to Elasticsearch. If I follow this route, how would I secure access to the EC2 instance port where the proxy is listening?

Javier Artiles
  • Is your goal to require the app user to log in to the app using a set of credentials and access Elasticsearch for query or for administration? – Ashan Jun 04 '17 at 03:05

1 Answer


For mobile applications, what you want to set up is Web Identity Federation. This will give users temporary credentials to access the AWS resources needed for your mobile application.

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html

Setting up: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html

Article from Amazon on Web Identity Federation with Mobile Applications

https://aws.amazon.com/articles/4617974389850313

strongjz
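The IAM side of the Web Identity Federation setup described in the answer above, as an added example that is not part of the original post: it builds a role trust policy pinned to one app audience, a read-only permissions policy for one Elasticsearch domain, and a small check that flags a trust policy missing the audience condition. The provider, client ID and domain ARN are placeholders, and the check assumes a provider whose audience condition key is `<provider>:aud` (as with `accounts.google.com`).

```python
import json

# Placeholders (assumptions): replace with your own values.
PROVIDER = "accounts.google.com"          # OIDC provider the app signs in with
APP_CLIENT_ID = "EXAMPLE_APP_CLIENT_ID"   # audience issued to the mobile app
DOMAIN_ARN = "arn:aws:es:REGION:ACCOUNT_ID:domain/DOMAIN_NAME"

def trust_policy(provider, audience):
    """Who may assume the role: only tokens from `provider` minted for `audience`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {f"{provider}:aud": audience}},
        }],
    }

def read_only_es_policy(domain_arn):
    """What the temporary credentials may do: signed HTTP GET/HEAD on one domain."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["es:ESHttpGet", "es:ESHttpHead"],
            "Resource": f"{domain_arn}/*",
        }],
    }

def trust_policy_findings(policy):
    """Flag web-identity statements that any token from the provider could use."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = stmt.get("Principal")
        provider = principal.get("Federated") if isinstance(principal, dict) else None
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        if not isinstance(provider, str) or f"{provider}:aud" not in pinned:
            findings.append(f"statement {i}: no audience condition for {provider}")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(PROVIDER, APP_CLIENT_ID), indent=2))
    print(json.dumps(read_only_es_policy(DOMAIN_ARN), indent=2))
```

Searches sent as POST with a request body are not covered by `es:ESHttpGet`; the app either issues GET requests or the policy needs a separately reviewed statement for the POST paths it uses.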