Explore Courses Blog Tutorials Interview Questions
0 votes
in AWS by (19.1k points)

I'm using the aws managed elasticsearch/ I'm using the high-level java client for elastic search. Is there a way to use aws signature4 signing for the requests made with the high-level client?

1 Answer

0 votes
by (44.4k points)

Adding appropriate headers and signing calculations to your request is more than enough. Read this documentation - Signature V4 - examples using SDKs

Example code snippet:






import java.util.HashMap;

import java.util.Map;


 * A utility for calculating an AWS Signature Version 4 signature headers for requests. See

 * for the full description.


 * @author xxx


public class SigningUtility {


     * Build the authorization headers to be added to the service request. 


     * @param regionName AWS region

     * @param url service URL

     * @param awsAccessKey AWS access key

     * @param awsSecretKey AWS secret key

     * @param messageBody the message body for POSTs

     * @param httpMethod the HTTP verb used for this message (GET, POST, etc)

     * @param serviceName the AWS service (s3, execite-api, ...)

     * @return authorisation headers to add to the request.


    public Map<String, String> getAuthorisationHeader(String regionName, String url, String awsAccessKey, String awsSecretKey, 

                                                      String messageBody, String httpMethod, String serviceName) {

        URL endpointUrl;

        try {

            endpointUrl = new URL(url);

        } catch (MalformedURLException e) {

            throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage());


        String contentHashString;

        Map<String, String> headers = new HashMap<>();

        if ("POST".equals(httpMethod)) {

            // precompute hash of the body content

            byte[] contentHash = AWS4SignerBase.hash(messageBody);

            contentHashString = BinaryUtils.toHex(contentHash);

            headers.put("x-amz-content-sha256", contentHashString);

            headers.put("content-length", "" + messageBody.length());

        } else if ("GET".equals(httpMethod)) {

            contentHashString = AWS4SignerBase.EMPTY_BODY_SHA256;

            // for a simple GET, we have no body so supply the precomputed 'empty' hash

            headers.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);

        } else {

            throw new UnsupportedOperationException("This utility only supports GET and POST HTTP verbs for now");


        AWS4SignerForAuthorizationHeader signer = new AWS4SignerForAuthorizationHeader(

                endpointUrl, httpMethod, serviceName, regionName);

        String authorisation = signer.computeSignature(headers,

                null, // assume no query parameters




        headers.put("Authorization", authorisation);

        return headers;


The part will be finding the service name, and in the ElasticSearch case, it is es.

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

Welcome to Intellipaat Community. Get your technical queries answered by top developers!

30.5k questions

32.5k answers


108k users

Browse Categories