Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

elasticsearch-aws doesn't seem to always need a signature #136

Open
codefromthecrypt opened this issue Aug 2, 2019 · 1 comment
Open

elasticsearch-aws doesn't seem to always need a signature #136

codefromthecrypt opened this issue Aug 2, 2019 · 1 comment

Comments

@codefromthecrypt
Copy link
Member

I noticed when you boot up an elasticsearch instance, you can still hit the root and health check URLs with no signature. Of course, if you goof a signature, it will yell.

It would be cool if someone can help dig out when exactly we need to sign requests, especially as pertains to health checks.

cc @devinsba @jcarres-mdsol
@anuraaga
Copy link
Contributor

anuraaga commented Aug 9, 2019

While playing with a cluster on AWS, I noticed I could curl the health endpoint when the security settings restricted to IP. When restricting to an account, I couldn't curl it. So I'm suspecting it depends on settings of the cluster itself and may not be practical for us to skip the signature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codefromthecrypt @anuraaga