Wednesday, 7 March 2018

Signing ElasticSearch AWS calls

I'm attempting to sign all of our AWS calls to ElasticSearch; however, the response is always:

User: anonymous is not authorized to perform: es:ESHttpGet on resource:

I've tried multiple key pairs and IAM users.

The calls within our PHP are made using the official elasticsearch-php client and all requests are signed using the connector found here.

Shown below is how we build the ElasticSearch client and apply the signing middleware:

// AWS credentials and a SigV4 signer scoped to the "es" service in eu-central-1
$credentials = new Credentials('<KEY>', '<SECRET>');
$signature = new SignatureV4('es', 'eu-central-1');

// Wrap the default elasticsearch-php handler with the signing middleware
$middleware = new AwsSignatureMiddleware($credentials, $signature);
$defaultHandler = ESClientBuilder::defaultHandler();
$awsHandler = $middleware($defaultHandler);

// Build the client on top of the signing handler
$clientBuilder = ESClientBuilder::create();

$clientBuilder
    ->setHandler($awsHandler)
    ->setHosts(['<URL>']);
$this->_client = $clientBuilder->build();

For reference, the policy attached to the Elasticsearch instance we are trying to access is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<IAM_USER>"
      },
      "Action": "es:*",
      "Resource": "<RESOURCE>/*"
    }
  ]
}

Other info:

  • We are using the Laravel framework, version 5.4.7
  • Elasticsearch client version 5.3.2


from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2FlKxE4
via IFTTT
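
The error above names the caller as anonymous, which is what Amazon ES reports when a request arrives without SigV4 credentials. The following is an added diagnostic example, not code from the question or from the connector: it checks whether a request leaving the handler chain carries a SigV4 Authorization header scoped to the expected service and region. The function names are hypothetical, and it assumes PHP 7.1+ and RingPHP-style request arrays, the handler format elasticsearch-php 5.x uses.

```php
<?php
// Added diagnostic example, not the poster's or the connector's code. Assumed request
// shape (RingPHP): ['http_method' => ..., 'uri' => ..., 'headers' => ['Name' => ['value']]]

/** First value of a header, matched case-insensitively, or null if absent. */
function ringHeader(array $request, string $name): ?string
{
    foreach ($request['headers'] ?? [] as $key => $values) {
        if (strcasecmp((string) $key, $name) === 0) {
            return isset($values[0]) ? (string) $values[0] : null;
        }
    }
    return null;
}

/** Reasons the request would not pass as SigV4-signed (empty array = looks signed). */
function sigv4Problems(array $request, string $service, string $region): array
{
    $auth = ringHeader($request, 'Authorization');
    if ($auth === null) {
        return ['no Authorization header: the request goes out unsigned (anonymous)'];
    }
    $pattern = '#^AWS4-HMAC-SHA256 Credential=[^/]+/(\d{8})/([^/]+)/([^/]+)/aws4_request,'
        . '\s*SignedHeaders=([^,\s]+),\s*Signature=[0-9a-f]{64}$#';
    if (!preg_match($pattern, $auth, $m)) {
        return ['Authorization header is not in SigV4 format'];
    }
    $problems = [];
    if ($m[2] !== $region) { $problems[] = "scope region is {$m[2]}, expected {$region}"; }
    if ($m[3] !== $service) { $problems[] = "scope service is {$m[3]}, expected {$service}"; }
    if (!in_array('host', explode(';', $m[4]), true)) { $problems[] = 'host is not a signed header'; }
    $date = (string) ringHeader($request, 'X-Amz-Date');
    if (strpos($date, $m[1]) !== 0) { $problems[] = 'no X-Amz-Date matching the credential scope date'; }
    return $problems;
}

/** Wrap a handler so each outgoing request is checked just before it is sent. */
function inspectingHandler(callable $next, string $service, string $region): callable
{
    return function (array $request) use ($next, $service, $region) {
        foreach (sigv4Problems($request, $service, $region) as $problem) {
            error_log("[sigv4] {$request['http_method']} {$request['uri']}: {$problem}");
        }
        return $next($request);
    };
}

// Constructed sample: an unsigned request passed through the wrapper with a stub sender.
$sample = ['http_method' => 'GET', 'uri' => '/_cluster/health', 'headers' => ['Host' => ['es.example.invalid']]];
inspectingHandler(function (array $r) { return 'sent'; }, 'es', 'eu-central-1')($sample);
```

To apply it to the client built in the question, the wrapper would sit between the signing middleware and the default handler, i.e. $middleware(inspectingHandler($defaultHandler, 'es', 'eu-central-1')), so that it sees each request after signing. This placement assumes the middleware signs the request before calling the handler it wraps.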
