Added Sigv4 Section to JavaScript Client (opensearch-project#1796)

* Added Sigv4 Section to JavaScript Client Signed-off-by: Theo Truong <[email protected]> * Adjusted according to style code/headers guide Signed-off-by: Theo Truong <[email protected]> Signed-off-by: Theo Truong <[email protected]>
partlov · Nov 3, 2022 · bdbf110 · bdbf110
1 parent eef57a6
commit bdbf110
Showing 1 changed file with 62 additions and 0 deletions.
diff --git a/_clients/javascript/index.md b/_clients/javascript/index.md
@@ -141,6 +141,68 @@ async function search() {
 search().catch(console.log);
 ```
 
+## Authenticate with Amazon OpenSearch Service - AWS Sigv4
+
+Use the following code to authenticate with AWS V2 SDK:
+
+```javascript
+const AWS = require('aws-sdk'); // V2 SDK.
+const { Client } = require('@opensearch-project/opensearch');
+const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
+
+const client = new Client({
+  ...AwsSigv4Signer({
+    region: 'us-east-1',
+    // Must return a Promise that resolve to an AWS.Credentials object.
+    // This function is used to acquire the credentials when the client start and
+    // when the credentials are expired.
+    // The Client will refresh the Credentials only when they are expired.
+    // With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
+
+    // Example with AWS SDK V2:
+    getCredentials: () =>
+      new Promise((resolve, reject) => {
+        // Any other method to acquire a new Credentials object can be used.
+        AWS.config.getCredentials((err, credentials) => {
+          if (err) {
+            reject(err);
+          } else {
+            resolve(credentials);
+          }
+        });
+      }),
+  }),
+  node: "https://search-xxx.region.es.amazonaws.com", // OpenSearch domain URL
+});
+```
+
+Use the following code to authenticate with AWS V3 SDK:
+
+```javascript
+const { defaultProvider } = require("@aws-sdk/credential-provider-node"); // V3 SDK.
+const { Client } = require('@opensearch-project/opensearch');
+const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
+
+const client = new Client({
+  ...AwsSigv4Signer({
+    region: 'us-east-1',
+    // Must return a Promise that resolve to an AWS.Credentials object.
+    // This function is used to acquire the credentials when the client start and
+    // when the credentials are expired.
+    // The Client will refresh the Credentials only when they are expired.
+    // With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
+
+    // Example with AWS SDK V3:
+    getCredentials: () => {
+      // Any other method to acquire a new Credentials object can be used.
+      const credentialsProvider = defaultProvider();
+      return credentialsProvider();
+    },
+  }),
+  node: "https://search-xxx.region.es.amazonaws.com", // OpenSearch domain URL
+});
+```
+
 ## Circuit breaker
 
 The `memoryCircuitBreaker` option can be used to prevent errors caused by a response payload being too large to fit into the heap memory available to the client.