Explore Courses Blog Tutorials Interview Questions
0 votes
1 view
in AWS by (19.1k points)

I'm using the aws managed elasticsearch/ I'm using the high-level java client for elastic search. Is there a way to use aws signature4 signing for the requests made with the high-level client?

1 Answer

0 votes
by (44.3k points)

Adding appropriate headers and signing calculations to your request is more than enough. Read this documentation - Signature V4 - examples using SDKs

Example code snippet:






import java.util.HashMap;

import java.util.Map;


 * A utility for calculating an AWS Signature Version 4 signature headers for requests. See

 * for the full description.


 * @author xxx


public class SigningUtility {


     * Build the authorization headers to be added to the service request. 


     * @param regionName AWS region

     * @param url service URL

     * @param awsAccessKey AWS access key

     * @param awsSecretKey AWS secret key

     * @param messageBody the message body for POSTs

     * @param httpMethod the HTTP verb used for this message (GET, POST, etc)

     * @param serviceName the AWS service (s3, execite-api, ...)

     * @return authorisation headers to add to the request.


    public Map<String, String> getAuthorisationHeader(String regionName, String url, String awsAccessKey, String awsSecretKey, 

                                                      String messageBody, String httpMethod, String serviceName) {

        URL endpointUrl;

        try {

            endpointUrl = new URL(url);

        } catch (MalformedURLException e) {

            throw new RuntimeException("Unable to parse service endpoint: " + e.getMessage());


        String contentHashString;

        Map<String, String> headers = new HashMap<>();

        if ("POST".equals(httpMethod)) {

            // precompute hash of the body content

            byte[] contentHash = AWS4SignerBase.hash(messageBody);

            contentHashString = BinaryUtils.toHex(contentHash);

            headers.put("x-amz-content-sha256", contentHashString);

            headers.put("content-length", "" + messageBody.length());

        } else if ("GET".equals(httpMethod)) {

            contentHashString = AWS4SignerBase.EMPTY_BODY_SHA256;

            // for a simple GET, we have no body so supply the precomputed 'empty' hash

            headers.put("x-amz-content-sha256", AWS4SignerBase.EMPTY_BODY_SHA256);

        } else {

            throw new UnsupportedOperationException("This utility only supports GET and POST HTTP verbs for now");


        AWS4SignerForAuthorizationHeader signer = new AWS4SignerForAuthorizationHeader(

                endpointUrl, httpMethod, serviceName, regionName);

        String authorisation = signer.computeSignature(headers,

                null, // assume no query parameters




        headers.put("Authorization", authorisation);

        return headers;


The part will be finding the service name, and in the ElasticSearch case, it is es.

Related questions

Welcome to Intellipaat Community. Get your technical queries answered by top developers!

28.4k questions

29.7k answers


94.1k users

Browse Categories