Signing an Amazon OpenSearch Service Search Request with AWS SDK for PHP Version 3 - AWS SDK for PHP

Signing an Amazon OpenSearch Service Search Request with AWS SDK for PHP Version 3

Amazon OpenSearch Service (OpenSearch Service) is a managed service that makes it easy to deploy, operate, and scale Amazon OpenSearch Service, a popular open-source search, and analytics engine. OpenSearch Service offers direct access to the Amazon OpenSearch Service API. This means that developers can use the tools with which they’re familiar, as well as robust security options, such as using IAM users and roles for access control. Many Amazon OpenSearch Service clients support request signing, but if you’re using a client that doesn’t, you can sign arbitrary PSR-7 requests with the built-in credential providers and signers of the AWS SDK for PHP.

The following examples show how to:

  • Sign a request with the AWS signing protocol using SignatureV4.

All the example code for the AWS SDK for PHP Version 3 is available here on GitHub.

Credentials

Before running the example code, configure your AWS credentials, as described in Credentials for the AWS SDK for PHP Version 3. Then import the AWS SDK for PHP, as described in Basic Usage Patterns of the AWS SDK for PHP Version 3.

Signing an OpenSearch Service Request

OpenSearch Service uses Signature Version 4. This means that you need to sign requests against the service’s signing name (es, in this case) and the AWS Region of your OpenSearch Service domain. A full list of Regions supported by OpenSearch Service can be found on the AWS Regions and Endpoints page in the Amazon Web Services General Reference. However, in this example, we sign requests against an OpenSearch Service domain in the us-west-2 region.

You need to provide credentials, which you can do either with the SDK’s default provider chain or with any form of credentials described in Credentials for the AWS SDK for PHP Version 3. You’ll also need a PSR-7 request (assumed in the code below to be named $psr7Request).

// Pull credentials from the default provider chain $provider = Aws\Credentials\CredentialProvider::defaultProvider(); $credentials = call_user_func($provider)->wait(); // Create a signer with the service's signing name and Region $signer = new Aws\Signature\SignatureV4('es', 'us-west-2'); // Sign your request $signedRequest = $signer->signRequest($psr7Request, $credentials);