Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-24939

Make Nuxeo work with AWS ElasticSearch service when not in the same VPC



    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.2-SNAPSHOT, 10.2
    • Fix Version/s: QualifiedToSchedule
    • Component/s: Infrastructure


      Currently we can use two strategies to authenticate Amazon ES service requests:

      • IP based - Any call from that IP address will be allowed access or be denied access to the resource in question ( this works already with the current RestClient when Nuxeo and ES are in the same VPC)
      • Originating Principal - you are required to include information that AWS can use to authenticate the requestor as part of every request to your Amazon ES endpoint, so we nee to sign the request using Signature Version 4. (not supported yet in Nuxeo)

      We need to add support for the second strategy as there are situation where we can not implement the security strategy based only on IP restrictions. ( when Nuxeo is deployed on a OpenShift cluster for example)


          Issue Links



              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: