elasticsearch-aws doesn't seem to always need a signature

[codefromthecrypt]

I noticed when you boot up an elasticsearch instance, you can still hit the root and health check URLs with no signature. Of course, if you goof a signature, it will yell.

It would be cool if someone can help dig out when exactly we need to sign requests, especially as pertains to health checks.

cc @devinsba @jcarres-mdsol

[anuraaga]

While playing with a cluster on AWS, I noticed I could curl the health endpoint when the security settings restricted to IP. When restricting to an account, I couldn't curl it. So I'm suspecting it depends on settings of the cluster itself and may not be practical for us to skip the signature.