Enable to use Amazon Elasticsearch Service with IAM auth

Author: yukato

composer.json

@@ -21,7 +21,8 @@
     "illuminate/database": "~4.2|^5",
     "illuminate/config": "~4.2|^5",
     "nesbot/carbon": "~1.0",
-    "elasticsearch/elasticsearch": ">1.0 <2.2"
+    "elasticsearch/elasticsearch": ">1.0 <2.2",
+    "aws/aws-sdk-php": "^3.18"
   },
   "require-dev": {
     "phpunit/phpunit": "~4.2|~5.0",

src/ElasticquentClientTrait.php

@@ -2,6 +2,13 @@
 
 namespace Elasticquent;
 
+use GuzzleHttp\Psr7\Request;
+use Aws\Signature\SignatureV4;
+use Aws\Credentials\Credentials;
+use GuzzleHttp\Ring\Future\CompletedFutureArray;
+use GuzzleHttp\Psr7\Uri;
+use Psr\Http\Message\ResponseInterface;
+
 trait ElasticquentClientTrait
 {
 
@@ -19,11 +26,72 @@ public function getElasticSearchClient()
 
         // elasticsearch v2.0 using builder
         if (class_exists('\Elasticsearch\ClientBuilder')) {
+            $awsConfig = $this->getElasticConfig('aws');
+            if ( ! empty($awsConfig) && array_get($this->getElasticConfig('aws'), 'iam', false)) {
+                if ($handler = $this->getAwsESHandler()) {
+                    array_set($config, 'handler', $handler);
+                }
+            }
+
             return \Elasticsearch\ClientBuilder::fromConfig($config);
         }
 
         // elasticsearch v1
         return new \Elasticsearch\Client($config);
     }
 
+
+    /**
+     * @return bool|\Closure
+     */
+    private function getAwsESHandler()
+    {
+        $awsConfig = $this->getElasticConfig('aws');
+        if (empty($awsConfig)) {
+            return false;
+        }
+
+        $key    = array_get($awsConfig, 'key');
+        $secret = array_get($awsConfig, 'secret');
+        $region = array_get($awsConfig, 'region', 'us-west-2');
+
+        $psr7Handler = \Aws\default_http_handler();
+        $signer      = new SignatureV4('es', $region);
+
+        $handler = function (array $request) use (
+            $psr7Handler,
+            $signer,
+            $key,
+            $secret
+        ) {
+            // Amazon ES listens on standard ports (443 for HTTPS, 80 for HTTP).
+            $request['headers']['host'][0] = parse_url($request['headers']['host'][0], PHP_URL_HOST);
+
+            $credentials = new Credentials($key, $secret);
+
+            // Create a PSR-7 request from the array passed to the handler
+            $psr7Request = new Request($request['http_method'],
+                (new Uri($request['uri']))->withScheme($request['scheme'])->withHost($request['headers']['host'][0]),
+                $request['headers'], $request['body']);
+
+            // Sign the PSR-7 request with credentials from the environment
+            $signedRequest = $signer->signRequest($psr7Request, $credentials);
+
+            // Send the signed request to Amazon ES
+            /** @var ResponseInterface $response */
+            $response = $psr7Handler($signedRequest)->wait();
+
+            // Convert the PSR-7 response to a RingPHP response
+            return new CompletedFutureArray([
+                'status'         => $response->getStatusCode(),
+                'headers'        => $response->getHeaders(),
+                'body'           => $response->getBody()->detach(),
+                'transfer_stats' => ['total_time' => 0],
+                'effective_url'  => (string)$psr7Request->getUri(),
+            ]);
+        };
+
+        return $handler;
+    }
+
 }

src/config/elasticquent.php

@@ -29,4 +29,16 @@
 
     'default_index' => 'my_custom_index_name',
 
+    /*
+    |--------------------------------------------------------------------------
+    | Enable to use Amazon Elasticsearch Service
+    |--------------------------------------------------------------------------
+    */
+    'aws' => [
+        'iam'    => true,
+        'key'    => 'YOUR_AWS_KEY',
+        'secret' => 'YOUR_AWS_SECRET',
+        'region' => 'us-west-2',
+    ]
+
 ];