Auth Sig V4

Auth Sig V4 (AWS Signature Version 4) is a protocol used to authenticate requests to Amazon Web Services (AWS) APIs. It is a more secure and flexible way to authenticate requests compared to previous versions. The protocol involves a series of steps to create a digital signature based on the request data, which is then included in the Authorization header of the request. This signature is used to verify that the request is authentic and has not been tampered with in transit.

Configuring OpenSearch Output with Auth Sig V4

Auth Sig V4 can be used to connect to Amazon OpenSearch serverless. To connect and configure the flow collectors output OpenSearch, you can use the following environment variables:

• EF_OUTPUT_OPENSEARCH_AWS_ACCESS_KEY: This is the AWS access key ID for the OpenSearch cluster you want to connect to.

• EF_OUTPUT_OPENSEARCH_AWS_REGION: This is the AWS region for the OpenSearch cluster you want to connect to.

• EF_OUTPUT_OPENSEARCH_AWS_SECRET_KEY: This is the AWS secret access key for the OpenSearch cluster you want to connect to.

Connecting to AWS OpenSearch Serverless

1. Sign in to your aws account

2. Navigate to the OpenSearch service and click on the "Create a domain" button

   

   create-domain
3. Fill out the desired configuration for your domain and click "Next"

   

   fill-details
4. Once you have finished the creation wizard, your domain will be created. You will be able to see the endpoint URL in the "Overview" tab

   

   overview
5. Configure the ElastiFlow flow collector's OpenSearch output to include aws related configurations

   ...
   EF_OUTPUT_OPENSEARCH_AWS_ACCESS_KEY: <your aws access key>
   EF_OUTPUT_OPENSEARCH_AWS_REGION: <your aws region>
   EF_OUTPUT_OPENSEARCH_AWS_SECRET_KEY: <your aws secret key>
   ...

6. Restart the flow collector, and you should be able to see the flow data in your OpenSearch domain