Credentials Signing an OpenSearch Service request

Signing an Amazon OpenSearch Service search request with AWS SDK for PHP Version 3

Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and scale Amazon OpenSearch Service, a popular open-source search, and analytics engine. OpenSearch Service offers direct access to the Amazon OpenSearch Service API. This means that developers can use the tools with which they’re familiar, as well as robust security options. Many Amazon OpenSearch Service clients support request signing, but if you’re using a client that doesn’t, you can sign arbitrary PSR-7 requests with the built-in credential providers and signers of the AWS SDK for PHP.

The following examples show how to:

Sign a request with the AWS signing protocol using SignatureV4.

All the example code for the AWS SDK for PHP is available here on GitHub.

Credentials

Before running the example code, configure your AWS credentials, as described in Credentials. Then import the AWS SDK for PHP, as described in Basic usage.

Signing an OpenSearch Service request

OpenSearch Service uses Signature Version 4. This means that you need to sign requests against the service’s signing name (es, in this case) and the AWS Region of your OpenSearch Service domain. A full list of Regions supported by OpenSearch Service can be found on the AWS Regions and Endpoints page in the Amazon Web Services General Reference. However, in this example, we sign requests against an OpenSearch Service domain in the us-west-2 region.

You need to provide credentials, which you can do either with the SDK’s default provider chain or with any form of credentials described in Credentials for the AWS SDK for PHP Version 3. You’ll also need a PSR-7 request (assumed in the code below to be named $psr7Request).


// Pull credentials from the default provider chain
$provider = Aws\Credentials\CredentialProvider::defaultProvider();
$credentials = call_user_func($provider)->wait();

// Create a signer with the service's signing name and Region
$signer = new Aws\Signature\SignatureV4('es', 'us-west-2');

// Sign your request
$signedRequest = $signer->signRequest($psr7Request, $credentials);

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Working with security groups

AWS Identity and Access Management examples