I have a situation where I need to take a Java application that currently uses Basic auth to access OpenSearch, and add the ability for a user to provide a Cognito user-pool user/pass instead of the Basic user/pass.
It appears that the way to do this transparently (i.e. with raw requests, rather than using the OpenSearch Java client/library) is by taking the arbitrary requests and pre-signing them, in cases when Basic auth is not used.
I've figured out how to negotiate the Cognito user-pool user/pass into Credentials using the AWS Java SDK, and confirmed that I can sign curl requests with the --aws-sigv4 option, but I'm at a loss as to how to incorporate signing (with Aws4Signer.presign()?)
Essentially what I'm trying for is a Java SDK 2.0 equivalent to a curl call like
curl \
--aws-sigv4 "aws:amz:us-west-2:es" \
--user "$ACCESS_KEY_ID":"$SECRET_KEY" \
--header "x-amz-security-token: ${SESSION_TOKEN}" \
https://some-opensearch-host.us-west-2.es.amazonaws.com/_search
where the variable values are provided by the Credentials object.
I might just be bad at reading Java docs (or the AWS SDK docs) because, taking Aws4Signer.presign() as an example, I have no idea where/how to get the information about ExecutionAttributes that would allow me to use them (and thus, presign()) correctly.
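An added example, not part of the original post: the curl command above signs request headers, and in the AWS SDK for Java 2.x the matching call is `Aws4Signer.sign(SdkHttpFullRequest, Aws4SignerParams)`, which takes its parameters directly and needs no `ExecutionAttributes`. The class and method names `SigV4RequestExample` and `signGet` are hypothetical, the credential strings are placeholders, and only a GET without a body is covered.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.List;
import java.util.Map;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
import software.amazon.awssdk.http.SdkHttpFullRequest;
import software.amazon.awssdk.http.SdkHttpMethod;
import software.amazon.awssdk.regions.Region;

public class SigV4RequestExample {
    // Header-signs a GET and returns a java.net.http request carrying the SigV4 headers.
    static HttpRequest signGet(URI uri, AwsSessionCredentials creds, Region region) {
        SdkHttpFullRequest unsigned = SdkHttpFullRequest.builder()
                .method(SdkHttpMethod.GET)
                .uri(uri)
                .build();
        Aws4SignerParams params = Aws4SignerParams.builder()
                .awsCredentials(creds)   // session token becomes X-Amz-Security-Token
                .signingName("es")       // same service name as in --aws-sigv4 "aws:amz:us-west-2:es"
                .signingRegion(region)
                .build();
        SdkHttpFullRequest signed = Aws4Signer.create().sign(unsigned, params);

        HttpRequest.Builder out = HttpRequest.newBuilder(uri).GET();
        for (Map.Entry<String, List<String>> h : signed.headers().entrySet()) {
            // java.net.http derives Host from the URI and rejects setting it explicitly.
            if (h.getKey().equalsIgnoreCase("Host")) continue;
            h.getValue().forEach(v -> out.header(h.getKey(), v));
        }
        return out.build();
    }

    public static void main(String[] args) {
        // Placeholder values; in the application these come from the Cognito
        // Credentials object (accessKeyId(), secretKey(), sessionToken()).
        AwsSessionCredentials creds = AwsSessionCredentials.create(
                "ACCESS_KEY_ID_PLACEHOLDER", "SECRET_KEY_PLACEHOLDER", "SESSION_TOKEN_PLACEHOLDER");
        HttpRequest req = signGet(
                URI.create("https://some-opensearch-host.us-west-2.es.amazonaws.com/_search"),
                creds, Region.US_WEST_2);
        // Print header names only, so the signature and token never reach logs.
        System.out.println(req.headers().map().keySet());
    }
}
```

The signature is bound to the signing timestamp and the temporary credentials, so sign each request immediately before sending it and re-fetch credentials once they expire.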