[FEATURE] - Support for S3 Authentication via Keys in External OpenSearch Deployments

[fquinino]

Is your feature request related to a problem?

Yes, the current issue lies in the limited usage of the threat intelligence feature in security analytics, which only allows retrieving feeds from an S3 bucket using ARN-based authentication. Since this is an open-source project, I run my OpenSearch outside of AWS, and the ARN method is only usable when the workload runs inside AWS to assume a role.

What solution would you like?

A solution would be to add support for S3 bucket authentication via access keys (AWS Access Key ID and Secret Access Key). This would enable people with S3 buckets in AWS to run their OpenSearch instances outside of AWS. Given that this is an open-source project, expanding the authentication methods would provide flexibility to users with hybrid or external deployments.

What alternatives have you considered?

Using ARN for authentication isn’t the only way to interact with S3 buckets. AWS keys (Access Key ID and Secret Access Key) are a valid and secure alternative for users running their workloads outside of AWS. It seems that the current code is optimized for environments running OpenSearch inside AWS, but expanding this functionality would increase its versatility.

Do you have any additional context?

For future releases, it would be beneficial to also support other types of feed storage.