From bdbf11074054e124a4af3ff2246db4c8336bb3ae Mon Sep 17 00:00:00 2001 From: Theo Nam Truong Date: Thu, 3 Nov 2022 10:35:56 -0600 Subject: [PATCH] Added Sigv4 Section to JavaScript Client (#1796) * Added Sigv4 Section to JavaScript Client Signed-off-by: Theo Truong * Adjusted according to style code/headers guide Signed-off-by: Theo Truong Signed-off-by: Theo Truong --- _clients/javascript/index.md | 62 ++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/_clients/javascript/index.md b/_clients/javascript/index.md index 4c24b9bc..9e7bafcf 100644 --- a/_clients/javascript/index.md +++ b/_clients/javascript/index.md @@ -141,6 +141,68 @@ async function search() { search().catch(console.log); ``` +## Authenticate with Amazon OpenSearch Service - AWS Sigv4 + +Use the following code to authenticate with AWS V2 SDK: + +```javascript +const AWS = require('aws-sdk'); // V2 SDK. +const { Client } = require('@opensearch-project/opensearch'); +const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws'); + +const client = new Client({ + ...AwsSigv4Signer({ + region: 'us-east-1', + // Must return a Promise that resolve to an AWS.Credentials object. + // This function is used to acquire the credentials when the client start and + // when the credentials are expired. + // The Client will refresh the Credentials only when they are expired. + // With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials. + + // Example with AWS SDK V2: + getCredentials: () => + new Promise((resolve, reject) => { + // Any other method to acquire a new Credentials object can be used. + AWS.config.getCredentials((err, credentials) => { + if (err) { + reject(err); + } else { + resolve(credentials); + } + }); + }), + }), + node: "https://search-xxx.region.es.amazonaws.com", // OpenSearch domain URL +}); +``` + +Use the following code to authenticate with AWS V3 SDK: + +```javascript +const { defaultProvider } = require("@aws-sdk/credential-provider-node"); // V3 SDK. +const { Client } = require('@opensearch-project/opensearch'); +const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws'); + +const client = new Client({ + ...AwsSigv4Signer({ + region: 'us-east-1', + // Must return a Promise that resolve to an AWS.Credentials object. + // This function is used to acquire the credentials when the client start and + // when the credentials are expired. + // The Client will refresh the Credentials only when they are expired. + // With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials. + + // Example with AWS SDK V3: + getCredentials: () => { + // Any other method to acquire a new Credentials object can be used. + const credentialsProvider = defaultProvider(); + return credentialsProvider(); + }, + }), + node: "https://search-xxx.region.es.amazonaws.com", // OpenSearch domain URL +}); +``` + ## Circuit breaker The `memoryCircuitBreaker` option can be used to prevent errors caused by a response payload being too large to fit into the heap memory available to the client.