通过AWS请求签名无法访问ES

I am building a golang RESTful API and trying to access ES using signed requests. I have followed documentation on AWS the documentation of the Golang AWS elastic search client package I am using (olivere/elastic)

Following golang code is used to create a new client

signer := v4.NewSigner(credentials.NewStaticCredentials("IAM_USER_ID", "IAM_USER_SECRET", ""))
awsClient, err := aws_signing_client.New(signer, nil, "es", "us-east-1")
if err != nil {
    return nil, err
}
return elastic.NewClient(
    elastic.SetURL("https://my-aws-endpoint.us-east-1.es.amazonaws.com"),
    elastic.SetScheme("https"),
    elastic.SetHttpClient(awsClient),
    elastic.SetSniff(false), // See note below
)

In ElasticSearch AWS console, I have modified an access policy like that: selected access policy templateaccess policy

Seems I am able to discover the ES node, but when I try to execute a query, ES return http status 403 – don't have permission.

I also have tried to grant IAM user with the AmazonESFullAccess policy but seems it doesn't have any effect.

There appears to be an issue in the signing library. The following pull request fixed it. (not yet merged) https://github.com/sha1sum/aws_signing_client/pull/3