Configuring SugarCRM to use ElasticSearch with AWS Auth

After a bit of searching I didn't see this posted anywhere, and the official Sugar docs specify that the only allowed 'transport' values are 'http' or 'https'.

$sugar_config['full_text_engine']['Elastic'] = [
    'host' => '<host>',
    'port' => '9200',
    'transport' => 'AwsAuthV4',
    'aws_region' => '<region>', // Ex. us-east-1
    'aws_access_key_id' => '<key id>',
    'aws_secret_access_key' => '<access key>'
];

Verified to connect on Sugar Enterprise 8.0.x which ships with Elastica 6.0.1.

  • Hey John,

    I've been working with a new AWS ElasticSearch Service domain recently–you're right. The documentation is pretty much non-existent.

    After reading through the Elastica source code, it looks like it operates on one of `80` or `443` depending upon an SSL configuration option. SugarCRM is wrapping Elastica and I believe `port` is entirely ignored. Unfortunately, I believe `ssl` is also ignored at this time, and it forces operation on `80` only. I'm waiting to here back from support on this limitation:

    // This configuration only works for an AWS Search Domain Configured without SSL
    $sugar_config['full_text_engine']['Elastic'] = [
        'host' => '<host>', // Ex. vpc-your-es-domain-xxxxxyyyyyzzzzz.us-east-1.es.amazon.com
        'transport' => 'AwsAuthV4',
        'aws_region' => '<region>', // Ex. us-east-1
        'aws_access_key_id' => '<key id>',
        'aws_secret_access_key' => '<access key>'
    ];

    Initially, I was also running into a problem by copying the full host from AWS when the host here must not have a protocol attached, that is do not include 'http://' or 'https://', which I believe goes for all Elastic systems, but it was just too tempting to copy and paste from the AWS Console.

  • You're right, with AwsAuthV4 it ignores 'port' and forces it to 80 or 443 depending on the 'ssl' option, which Sugar is dropping.  It's still an issue in 11.0.2, so I'm opening a Case to hopefully get this addressed.

    The following works if I add 'ssl' to the connAllowedConfig array in src/Elasticsearch/Adapter/Client.php.  I didn't discover this until recently when I tried to 'Require HTTPS Traffic', googled, and came across my own post ...

    $sugar_config['full_text_engine']['Elastic'] = [
        'host' => 'search-xxxxxx.es.amazonaws.com',
        'transport' => 'AwsAuthV4',
        'ssl' => true,
        'aws_region' => 'xx-xxxx-x',
        'aws_access_key_id' => 'AXXXXXX',
        'aws_secret_access_key' => 'XXXXXXX'
    ];
    

    BUG-87469 was opened in June 2021 to address this, so hopefully it can be addressed soon as it's just a 1 line change.