0

I am using AWS ES for search in my iOS application. As of now, I use a REST API for serving the search queries to the application. The app calls the REST API and my Python server runs the searches to serve the requests. I want to eliminate this REST API server and implement the interaction between iOS and AWS ES directly. The AWS iOS SDK does not provide a service for ES. What shall I do for that?

I have looked into these resources but did not get much clarity:

Elasticsearch access policy - allow read from clients and read/write from Node.js server

How to secure access to AWS Elasticsearch from a mobile application

Any help would be appreciated.

shaud

1 Answer

3

You can make use of AWS Cognito, User Pools and Federated Access to provide fine-grained access to AWS resources to your set of users.

Read more at this link: Secure API Access with Amazon Cognito Federated Identities, Amazon Cognito User Pools, and Amazon API Gateway

I wouldn't recommend doing this though, especially for Elasticsearch, because if any of the temporary credentials (STS tokens) are stored in an insecure place (not a keychain), users will be able to delete or create indices on your Elasticsearch cluster, as AWS does not provide fine-grained control over the APIs exposed by Elasticsearch itself.

To solve this problem, you can use API Gateway as a proxy to only the search endpoints of the indices you want to allow your clients to be able to search. You do not need a Lambda function or any EC2 instance in the middle to achieve this.

Yeshodhan Kulkarni
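The allow-list the answer describes (only the search endpoints of chosen indices are reachable), modelled as an added Python example that is not part of the original answer and is not API Gateway configuration. The index names and the sample requests are constructed for illustration; the same check can be run over proxy access logs to confirm nothing else gets through.

```python
from urllib.parse import unquote

# Assumed index names the mobile client may search (hypothetical).
ALLOWED_INDICES = {"products", "articles"}
# _search accepts the query as URL parameters (GET) or as a JSON body (POST).
ALLOWED_METHODS = {"GET", "POST"}


def is_allowed(method: str, target: str) -> bool:
    """True only for a _search request on exactly one allow-listed index."""
    if method.upper() not in ALLOWED_METHODS:
        return False
    path = target.partition("?")[0]
    # Refuse any percent-encoding in the path instead of normalising it.
    if unquote(path) != path:
        return False
    parts = path.split("/")
    # Exactly "/<index>/_search"; set membership also refuses wildcards,
    # comma-separated index lists, "_all" and the index-less "/_search".
    return (len(parts) == 3 and parts[0] == ""
            and parts[1] in ALLOWED_INDICES and parts[2] == "_search")


# Constructed sample requests: (method, request target).
SAMPLE = [
    ("GET", "/products/_search?q=shoes"),
    ("POST", "/articles/_search"),
    ("DELETE", "/products"),                  # index deletion
    ("PUT", "/newindex"),                     # index creation
    ("POST", "/products/_delete_by_query"),   # write API on an allowed index
    ("POST", "/products/_msearch"),           # body may name other indices
    ("GET", "/_search"),                      # searches every index
    ("GET", "/_all/_search"),
    ("GET", "/products,users/_search"),       # multi-index list
    ("GET", "/prod*/_search"),                # wildcard expansion
    ("GET", "/products/%2e%2e/users/_search"),
    ("GET", "/users/_search"),                # index not on the list
]


def refused(requests):
    """Return the requests the allow-list would not forward to the cluster."""
    return [(m, t) for m, t in requests if not is_allowed(m, t)]


if __name__ == "__main__":
    for m, t in SAMPLE:
        print(f"{'ALLOW' if is_allowed(m, t) else 'DENY':5} {m:6} {t}")
```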