Configuring SugarCRM to use ElasticSearch with AWS Auth

After a bit of searching I didn't see this posted anywhere, and the official Sugar docs specify that the only allowed 'transport' values are 'http' or 'https'.

$sugar_config['full_text_engine']['Elastic'] = [
    'host' => '<host>',
    'port' => '9200',
    'transport' => 'AwsAuthV4',
    'aws_region' => '<region>', // Ex. us-east-1
    'aws_access_key_id' => '<key id>',
    'aws_secret_access_key' => '<access key>'
];

Verified to connect on Sugar Enterprise 8.0.x which ships with Elastica 6.0.1.

Parents
  • Hey John,

    I've been working with a new AWS ElasticSearch Service domain recently–you're right. The documentation is pretty much non-existent.

    After reading through the Elastica source code, it looks like it operates on one of `80` or `443` depending upon an SSL configuration option. SugarCRM is wrapping Elastica and I believe `port` is entirely ignored. Unfortunately, I believe `ssl` is also ignored at this time, and it forces operation on `80` only. I'm waiting to hear back from support on this limitation:

    // This configuration only works for an AWS Search Domain Configured without SSL
    $sugar_config['full_text_engine']['Elastic'] = [
        'host' => '<host>', // Ex. vpc-your-es-domain-xxxxxyyyyyzzzzz.us-east-1.es.amazon.com
        'transport' => 'AwsAuthV4',
        'aws_region' => '<region>', // Ex. us-east-1
        'aws_access_key_id' => '<key id>',
        'aws_secret_access_key' => '<access key>'
    ];

    Initially, I was also running into a problem by copying the full host from AWS, when the host here must not have a protocol attached; that is, do not include 'http://' or 'https://'. I believe that goes for all Elastic systems, but it was just too tempting to copy and paste from the AWS Console.

Children
  • You're right, with AwsAuthV4 it ignores 'port' and forces it to 80 or 443 depending on the 'ssl' option, which Sugar is dropping. It's still an issue in 11.0.2, so I'm opening a Case to hopefully get this addressed.

    The following works if I add 'ssl' to the connAllowedConfig array in src/Elasticsearch/Adapter/Client.php.  I didn't discover this until recently when I tried to 'Require HTTPS Traffic', googled, and came across my own post ...

    $sugar_config['full_text_engine']['Elastic'] = [
        'host' => 'search-xxxxxx.es.amazonaws.com',
        'transport' => 'AwsAuthV4',
        'ssl' => true,
        'aws_region' => 'xx-xxxx-x',
        'aws_access_key_id' => 'AXXXXXX',
        'aws_secret_access_key' => 'XXXXXXX'
    ];
    

    BUG-87469 was opened in June 2021 to address this, so hopefully it can be addressed soon, as it's just a 1-line change.
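
A pre-flight check for the pitfalls reported in this thread, as an added example that is not code from SugarCRM, Elastica, or any poster here. The function name `check_aws_elastic_config` and the sample values are hypothetical, and the rules encode only the behaviour described in the posts above.

```php
<?php
// Added example: not SugarCRM or Elastica code. It checks a config array
// against the behaviour reported in this thread for transport AwsAuthV4.
function check_aws_elastic_config(array $cfg): array
{
    $findings = [];
    // The host must be a bare hostname, with no protocol copied from the console.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', (string) ($cfg['host'] ?? ''), $m)) {
        $findings[] = "host starts with '{$m[0]}'; remove the protocol";
    }
    if (($cfg['transport'] ?? '') !== 'AwsAuthV4') {
        return $findings; // the remaining checks only apply to AwsAuthV4
    }
    // Request signing needs the region and both halves of the key pair.
    foreach (['aws_region', 'aws_access_key_id', 'aws_secret_access_key'] as $key) {
        if (empty($cfg[$key])) {
            $findings[] = "$key is missing";
        }
    }
    // 'port' is ignored: the port is 443 when 'ssl' is honoured, otherwise 80.
    $ssl = !empty($cfg['ssl']);
    $port = $ssl ? 443 : 80;
    if (isset($cfg['port']) && (int) $cfg['port'] !== $port) {
        $findings[] = "port {$cfg['port']} is ignored; requests go to $port";
    }
    if ($ssl) {
        $findings[] = "ssl is set; confirm 'ssl' is in connAllowedConfig "
            . "(src/Elasticsearch/Adapter/Client.php), otherwise Sugar drops it";
    } else {
        $findings[] = "ssl is not set; traffic goes over plain HTTP on port 80";
    }
    return $findings;
}

// Constructed sample: the first post's settings with a pasted 'https://'.
$sample = [
    'host' => 'https://search-example.es.amazonaws.com', // constructed hostname
    'port' => '9200',
    'transport' => 'AwsAuthV4',
    'aws_region' => 'us-east-1',
    'aws_access_key_id' => 'EXAMPLEKEYID',      // placeholder
    'aws_secret_access_key' => 'EXAMPLESECRET', // placeholder
];
foreach (check_aws_elastic_config($sample) as $finding) {
    echo "- $finding\n";
}
```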