Amazon Elasticsearch access control may be based on IAM account with signed request mechanism One way not to rewrite all applications is using such a proxy