Follow up on my ES questions: It turns out that when using AWS-hosted ES, you have the ability to use IAM RBAC, so you need to sign outgoing http requests. Now, Cognitect’s aws-api provides a credential provider: credentials-provider which I can use call fetch on and it will give me the needed credentials. I found https://github.com/zarkone/aws-sig4 which seems to be providing both the building blocks and a clj-http middleware, but I’d prefer if I could reuse the cognitect aws-api for that too and provide my own wrapper for clj-http. It seems to be a common request for other reasons: https://github.com/cognitect-labs/aws-api/issues/5 — so, (deep breath) — any news or input on that?

interesting, wasn't aware of that fork from org.sharetribe/aws-sig4 (which I've used before and has worked well)

@orestis I tried to make it work but gave up :-) instead we run the ES cluster in a special subnet with no ingress/egress outside of the VPC + security group rules