It would be nice for those of us using aws elasticsearch if we could sign requests made to elasticsearch. This just gives us an extra level of security where we’re able to authorize which machines are able to access our elasticsearch cluster based on IAM role.
It looks like the elasticsearch library temporal is using supports this, we would just have to allow it to be configured this way. See https://github.com/olivere/elastic/blob/release-branch.v6/recipes/aws-connect-v4/main.go for an example of how they connect.
You can read about signing requests in the aws documentation here: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-request-signing.html