Developer Guide

Signing an Amazon Elasticsearch Service Search Request with AWS SDK for PHP Version 3

Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Amazon Elasticsearch Service, a popular open-source search, and analytics engine. Amazon ES offers direct access to the Amazon Elasticsearch Service API. This means that developers can use the tools with which they’re familiar, as well as robust security options, such as using IAM users and roles for access control. Many Amazon Elasticsearch Service clients support request signing, but if you're using a client that doesn't, you can sign arbitrary PSR-7 requests with the built-in credential providers and signers of the AWS SDK for PHP.

The following examples show how to:

  • Sign a request with the AWS signing protocol using SignatureV4.

All the example code for the AWS SDK for PHP Version 3 is available here on GitHub.


Before running the example code, configure your AWS credentials, as described in Credentials for the AWS SDK for PHP Version 3. Then import the AWS SDK for PHP, as described in Basic Usage Patterns of the AWS SDK for PHP Version 3.

Signing an Amazon ES Request

Amazon ES uses Signature Version 4. This means that you need to sign requests against the service's signing name (es, in this case) and the AWS Region of your Amazon ES domain. A full list of Regions supported by Amazon ES can be found on the AWS Regions and Endpoints page in the Amazon Web Services General Reference. However, in this example, we sign requests against an Amazon ES domain in the us-west-2 region.

You need to provide credentials, which you can do either with the SDK's default provider chain or with any form of credentials described in Credentials for the AWS SDK for PHP Version 3. You'll also need a PSR-7 request (assumed in the code below to be named $psr7Request).

// Pull credentials from the default provider chain $provider = Aws\Credentials\CredentialProvider::defaultProvider(); $credentials = call_user_func($provider)->wait(); // Create a signer with the service's signing name and Region $signer = new Aws\Signature\SignatureV4('es', 'us-west-2'); // Sign your request $signedRequest = $signer->signRequest($psr7Request, $credentials);