We have an issue with the .NET AWS SDK where it always assumes credentials are needed. If no credentials are supplied, the SDK will try to pull them from the EC2 metadata service. The irony here is that the AWS resources we want to access (OpenSearch in this case) are public! If only we could stop the AWS client from throwing exceptions about EC2, etc., and simply send an unauthenticated request, we could get the job done. (Sounds insecure but only a few subnets are allowed to talk to OpenSearch.)
Any suggestions on how to create unauthenticated requests from the OpenSearch client? Here is our connection code in case you want to refer to it.
var connection = new AwsHttpConnection(region_redacted);
var pool = new SingleNodeConnectionPool(uri_redacted);
var settings = new ConnectionSettings(pool, connection);
settings
.DisableAutomaticProxyDetection(false)
.EnableTcpKeepAlive(TimeSpan.FromSeconds(180), TimeSpan.FromSeconds(5))
.RequestTimeout(TimeSpan.FromMinutes(2))
.DisableDirectStreaming(true);
var client = new OpenSearchClient(settings);
