Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
cloud-aws plugin: Option to explicitly set x-amz-acl: Private #14103
While ACL Private is a default, it would be nice to permit ElasticSearch nodes to explicitly set the desired ACL for the snapshots they create. This can then be validated by an S3 Bucket Policy, which can reject clients that try to upload objects to S3 that aren't set as Private.
referenced this issue
Oct 14, 2015
Sorry, I'm not a Java dev, so I have no faith that any Java I would try would even compile. But a rough draft as a patch, totally untested, uncompiled, and unsure if this helps:
Would be useful to also permit admins to set an "x-amz-acl" header of "bucket-owner-full-control" to enable sending snapshots to an S3 bucket owned by another account for escrow/compliance purposes and letting that separate account own the objects deposited there.