Connect a clientedit

You can leverage two authentication mechanisms to reach your Elasticsearch cluster, API Key and basic authentication:

API keyedit

$client = ClientBuilder::create()
            ->setElasticCloudId('<CloudID>')
            ->setApiKey('<Id>', '<APIKey>')
            ->build();
$client->info();
cfg := elasticsearch.Config{
  CloudID: "<CloudID>",
  APIKey:  "<base64-encoded-APIKey>",
}

es, _ := elasticsearch.NewClient(cfg)
res, _ := es.Info()
client = Elasticsearch::Client.new(
  cloud_id: '<CloudID>'
  user: '<Username>',
  password: '<Password>',
)
RestHighLevelClient client = new RestHighLevelClient(
    RestClient.builder("<CloudID>"))
    .setDefaultHeaders(
        new Header[]{new BasicHeader("Authorization", "Bearer " + "<base64-encoded-APIKey>")});
MainResponse response = client.info(RequestOptions.DEFAULT);
const client = new Client({
  cloud: {
    id: '<CloudID>'
  },
  auth: {
    apiKey: '<base64-encoded-APIKey>'
  }
})
client.info()
from elasticsearch import Elasticsearch
es = Elasticsearch(cloud_id="<CloudID>", api_key=('<Id>', '<APIKey>'))
es.info()
var apiKey = new ApiKeyAuthenticationCredentials("<base64-encoded-APIKey>");
var client = new ElasticClient("<CloudID>", apiKey);
var response = client.RootNodeInfo();
# With Header: "Authorization: APIKey <base64-encoded-APIKey>"
GET /

Basic authenticationedit

$client = ClientBuilder::create()
            ->setElasticCloudId('<CloudID>')
            ->setBasicAuthentication('<Username>', '<Password>')
            ->build();
$client->info();
cfg := elasticsearch.Config{
  CloudID:  "<CloudID>",
  Username: "<Username>",
  Password: "<Password>",
}

es, _ := elasticsearch.NewClient(cfg)
res, _ := es.Info()
Elasticsearch::Client.new(
  cloud_id: '<CloudID>',
  api_key: {id: '<Id>', api_key: '<APIKey>'}
)
final CredentialsProvider credentialsProvider =
    new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
    new UsernamePasswordCredentials("<Username>", "<Password>"));
RestHighLevelClient client = new RestHighLevelClient(
    RestClient.builder("<CloudID>"))
    .setHttpClientConfigCallback(new HttpClientConfigCallback() {
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(
                HttpAsyncClientBuilder httpClientBuilder) {
            return httpClientBuilder
                .setDefaultCredentialsProvider(credentialsProvider);
        }
    });
MainResponse response = client.info(RequestOptions.DEFAULT);
const client = new Client({
  cloud: {
    id: '<CloudID>'
  },
  auth: {
    username: '<Username>',
    password: '<Password>'
  }
})
client.info()
from elasticsearch import Elasticsearch
es = Elasticsearch(cloud_id="<CloudID>", http_auth=('<Username>','<Password>'))
es.info()
var credentials = new BasicAuthenticationCredentials("<Username>", "<Password>");
var client = new ElasticClient("<CloudID>", credentials);
var response = client.RootNodeInfo();
# With Basic Auth: <Username>:<Password>
GET /

If your application connecting to Elasticsearch Service runs under the Java security manager, you should disable at least the caching of positive hostname resolutions. To learn more, see Disable DNS caching.

Disable DNS cachingedit

If your application connecting to Elasticsearch Service runs under the Java security manager, you might be subject to the JVM default policies of caching positive hostname resolutions indefinitely and caching negative hostname resolutions for ten seconds. Because both the Java REST client and the transport client connect through an Elastic load balancer which can change IP addresses, you must disable at least the caching of positive hostname resolutions.

You disable the caching of positive hostname resolutions by setting the security property networkaddress.cache.ttl in $JAVA_HOME/lib/security/java.security (negative hostname resolutions can be disabled with networkaddress.cache.negative.ttl). You can also disable caching programmatically by setting java.security.Security.setProperty("networkaddress.cache.ttl" , "60"), for example.

You cannot configure caching of DNS lookups as a JVM-property. Setting -Dnetworkaddress.cache.ttl=60 does not work, for example.

To learn more about configuring your JVM, see the official Java documentation:

Disable Sniffingedit

Sniffing must be disabled. IP sniffing is not supported by design and will not return the expected results, as all instances are behind a load balancer. We prevent IP sniffing from returning the expected results to improve the security of our underlying Elasticsearch Service infrastructure.

Enable Compressionedit

The compression of HTTP requests provides a performance benefit and should be enabled. Compression is especially useful when doing bulk loads or inserting large documents over a capacity-limited network connection.