abutaha · DustinKLo · Oct 16, 2020 · Oct 21, 2020 · Oct 30, 2020 · Oct 30, 2020
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@ vendor
 glide.lock
 dist
 .idea
+aws-es-proxy
diff --git a/README.md b/README.md
@@ -40,7 +40,8 @@ brew install aws-es-proxy
 ### Build from Source
 
 #### Dependencies:
-* go1.14+
+
+- go1.14+
 
 ```sh
 #requires go1.14
@@ -82,8 +83,6 @@ export AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY
 }
 ```
 
-
-
 ## Usage example:
 
 You can use either argument `-endpoint` OR environment variable `ENDPOINT` to specify AWS ElasticSearch endpoint.
@@ -100,14 +99,14 @@ export ENDPOINT=https://test-es-somerandomvalue.eu-west-1.es.amazonaws.com
 Listening on 10.0.0.1:9200
 ```
 
-*aws-es-proxy* listens on 127.0.0.1:9200 if no additional argument is provided. You can change the IP and Port passing the argument `-listen`
+_aws-es-proxy_ listens on 127.0.0.1:9200 if no additional argument is provided. You can change the IP and Port passing the argument `-listen`
 
 ```sh
 ./aws-es-proxy -listen :8080 -endpoint ...
 ./aws-es-proxy -listen 10.0.0.1:9200 -endpoint ...
 ```
 
-By default, *aws-es-proxy* will not display any message in the console. However, it has the ability to print requests being sent to Amazon Elasticsearch, and the duration it takes to receive the request back. This can be enabled using the option `-verbose`
+By default, _aws-es-proxy_ will not display any message in the console. However, it has the ability to print requests being sent to Amazon Elasticsearch, and the duration it takes to receive the request back. This can be enabled using the option `-verbose`
 
 ```sh
 ./aws-es-proxy -verbose ...
@@ -152,11 +151,16 @@ Usage of ./aws-es-proxy:
         Print user requests
   -version
         Print aws-es-proxy version
+  -assume
+        Optionally specify role to assume
+  -region
+        AWS Region, optional (ex. us-west-2)
+  -insecure
+        Will not verify SSL (default false)
 ```
 
-
 ## Using HTTP Clients
 
-After you run *aws-es-proxy*, you can now open your Web browser on [http://localhost:9200](http://localhost:9200). Everything should be working as you have your own instance of ElasticSearch running on port 9200.
+After you run _aws-es-proxy_, you can now open your Web browser on [http://localhost:9200](http://localhost:9200). Everything should be working as you have your own instance of ElasticSearch running on port 9200.
 
-To access Kibana, use [http://localhost:9200/_plugin/kibana/app/kibana](http://localhost:9200/_plugin/kibana/app/kibana)
+To access Kibana, use [http://localhost:9200/\_plugin/kibana/app/kibana](http://localhost:9200/_plugin/kibana/app/kibana)
diff --git a/aws-es-proxy.go b/aws-es-proxy.go
@@ -3,6 +3,7 @@ package main
 import (
 	"bytes"
 	"crypto/subtle"
+	"crypto/tls"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -32,7 +33,6 @@ import (
 )
 
 func logger(debug bool) {
-
 	formatFilePath := func(path string) string {
 		arr := strings.Split(path, "/")
 		return arr[len(arr)-1]
@@ -93,7 +93,6 @@ type proxy struct {
 }
 
 func newProxy(args ...interface{}) *proxy {
-
 	noRedirect := func(req *http.Request, via []*http.Request) error {
 		return http.ErrUseLastResponse
 	}
@@ -122,6 +121,8 @@ func newProxy(args ...interface{}) *proxy {
 		realm:           args[9].(string),
 		remoteTerminate: args[10].(bool),
 		assumeRole:      args[11].(string),
+		region:          args[12].(string),
+		service:         "es",
 	}
 }
 
@@ -158,9 +159,8 @@ func (p *proxy) parseEndpoint() error {
 	p.scheme = link.Scheme
 	p.host = link.Host
 
-	// AWS SignV4 enabled, extract required parts for signing process
-	if !p.nosignreq {
-
+	// AWS SignV4 enabled, extract required parts for signing process (if region flag is not supplied)
+	if !p.nosignreq && p.region == "" {
 		split := strings.SplitAfterN(link.Hostname(), ".", 2)
 
 		if len(split) < 2 {
@@ -382,7 +382,6 @@ func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if p.logtofile {
-
 		requestID := primitive.NewObjectID().Hex()
 
 		reqStruct := &requestStruct{
@@ -460,7 +459,6 @@ func copyHeaders(dst, src http.Header) {
 				dst.Add(k, v)
 			}
 		}
-
 	}
 }
 
@@ -485,6 +483,8 @@ func main() {
 		timeout         int
 		remoteTerminate bool
 		assumeRole      string
+		region          string
+		insecure        bool
 	)
 
 	flag.StringVar(&endpoint, "endpoint", "", "Amazon ElasticSearch Endpoint (e.g: https://dummy-host.eu-west-1.es.amazonaws.com)")
@@ -502,6 +502,8 @@ func main() {
 	flag.StringVar(&realm, "realm", "", "Authentication Required")
 	flag.BoolVar(&remoteTerminate, "remote-terminate", false, "Allow HTTP remote termination")
 	flag.StringVar(&assumeRole, "assume", "", "Optionally specify role to assume")
+	flag.StringVar(&region, "region", "", "AWS Region, optional (ex. us-west-2)")
+	flag.BoolVar(&insecure, "insecure", false, "Verify SSL")
 	flag.Parse()
 
 	if endpoint == "" {
@@ -549,15 +551,21 @@ func main() {
 		realm,
 		remoteTerminate,
 		assumeRole,
+		region,
 	)
 
+	if insecure == true {
+		p.httpClient.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+	}
+
 	if err = p.parseEndpoint(); err != nil {
 		logrus.Fatalln(err)
 		os.Exit(1)
 	}
 
 	if p.logtofile {
-
 		requestFname := fmt.Sprintf("request-%s.log", primitive.NewObjectID().Hex())
 		if fileRequest, err = os.Create(requestFname); err != nil {
 			log.Fatalln(err.Error())
@@ -572,7 +580,6 @@ func main() {
 
 		p.fileRequest = fileRequest
 		p.fileResponse = fileResponse
-
 	}
 
 	logrus.Infof("Listening on %s...\n", listenAddress)