You can connect to a deployment secured with the X-Pack security features or Shield by using the transport client. In addition to the standard transport client configuration, you’ll need to ensure two key points for Elasticsearch Service deployments:
- The X-Found-Cluster header must be included, indicating which cluster to route the connections to.
The connecting user must have the
transport_clientrole as well as the
Some limitations apply when you use the transport client. To learn more, see Transport client (Restrictions and known problems).
Here is an example of how to create a transport client to connect to Elasticsearch Service:
// Build the settings for our client. String clusterId = "ac01aa2425e4a5bafdebf5100af3e9b37401055b"; // Your cluster ID here String region = "us-east-1"; // Your region here boolean enableSsl = true; Settings settings = Settings.settingsBuilder() .put("transport.ping_schedule", "5s") //.put("transport.sniff", false) // Disabled by default and *must* be disabled. .put("cluster.name", clusterId) .put("action.bulk.compress", false) .put("shield.transport.ssl", enableSsl) .put("request.headers.X-Found-Cluster", clusterId) .put("shield.user", "username:password") // your shield username and password .build(); String hostname = clusterId + "." + region + ".aws.found.io"; // Instantiate a TransportClient and add the cluster to the list of addresses to connect to. // Only port 9343 (SSL-encrypted) is currently supported. Client client = TransportClient.builder() .addPlugin(ShieldPlugin.class) .settings(settings) .build() .addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(hostname), 9343));
The example is for an ES 2.1 cluster. See GitHub for examples that work with other versions.
Some additional configuration steps might be required, such as adding the Shield JAR to your classpath. To learn more, see Configuring the Transport Client to work with a Secured Cluster (X-Pack) and Configuring the Transport Client to work with Shield.
Transport client support for Elasticsearch 6.x was added in version 6.2.4 and later ported back to make it available to newly created Elasticsearch 6.1 and 6.0 clusters. If you have an existing version 6.0 or 6.1 cluster without transport client support, you can use the transport client by upgrading your cluster to version 6.2.4 first.