This app reverse proxies entry points for Amazon web services. Proxied
requests are signed using the v4 signature
which allows direct access to the endpoint with tools such as curl
without having to sign the requests.
The primary use case for this app is proxying Amazon Elasticsearch Service domains so that developers can more easily use existing tools and libraries that integrate with Elasticsearch, although other AWS services can be proxied as well.
This project is inspired by the https://github.com/cllunsford/aws-signing-proxy library and borrows some core techniques.
Either download the latest binary for your platform, or run the following command in the project's root to build the aws-proxy binary from source:
GOPATH=$PWD go build -o ./bin/aws-proxy aws-proxyThis app reads configuration from environment variables, the AWS credentials file, the CLI configuration file, and instance profile credentials. See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-metadata for more details.
Run the proxy, replacing my-domain and us-west-2 according to your environment.
./bin/aws-proxy --port 9200 --endpoint=https://my-domain.us-west-2.es.amazonaws.comConsume the service with tools like curl:
curl http://localhost:9200If you just want to proxy Kibana and serve it from the document root, add the Kibana plugin's path to the endpoint:
./bin/aws-proxy --port 5601 --endpoint=https://my-domain.us-west-2.es.amazonaws.com/_plugin/kibanaBe aware that there is some magic behind the scenes to make this possible. Participate in acquia/aws-proxy#6, pull back the curtain, and make things less magical.
You probably don't want to expose Kibana to the world, so check out Bitly's Oauth2 Proxy and set the AWS Proxy as its upstream endpoint.
If you do put AWS Proxy behind another reverse proxy, make sure to pass the
--behind-reverse-proxy option so that the IP of the host that made the
original request is logged.
Use Upstart to start aws-proxy during boot
and supervise it while the system is running. Add a file to /etc/init with
the following contents, replacing /path/to and my-domain according to
your environment.
description "AWS Proxy"
start on runlevel [2345]
respawn
respawn limit 10 5
exec /path/to/aws-proxy --port 9200 --endpoint=https://my-domain.us-west-2.es.amazonaws.com
AWS Proxy uses Glide to manage dependencies.
Run the following command to build release binaries:
bin/build.shRun the following commands to run tests and generate a coverage report:
GOPATH=$PWD go test -coverprofile=build/coverage.out aws-proxy
GOPATH=$PWD go tool cover -html=build/coverage.outWe aren't in the business of pushing tools, so you should also look at the projects below so that you can make the best decision for your use case.
- https://github.com/coreos/aws-auth-proxy
- https://github.com/cllunsford/aws-signing-proxy
- https://github.com/anomalizer/ngx_aws_auth
Except as otherwise noted this software is licensed under the Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.