Reputation: 153
AWS Elasticsearch & VPC - configuring network access from my fixed IP
I am unable to access AWS Elasticsearch Kibana with a browser.
I have set up an Elasticsearch instance within my VPC exactly as described here;
https://aws.amazon.com/blogs/aws/amazon-elasticsearch-service-now-supports-vpc/
I used the default IAM access policy template which is basicaly all current IAM profiles (*)
My EC2 webapp (xenforo forum) is happily connected and chugging away.
I would like to access my elasticsearch domain kibana endpoint via browser from my home PC.
The security group I attached to the cluster configuration includes a rule to allow ALL TCP inbound from my home broadband fixed IP address.
I log into the AWS console, click the Kibana link from the elasticsearch domain overview and... nothing, times out.
I have read everything I can find on the matter. No joy - except perhaps I should be signing my https requests as well which seems crazy complicated and my understanding is that IP access should be configurable with security groups?
Can anyone clarify?
Upvotes: 12
Views: 4203
Answers (2)
Reputation: 593
Hi There are many ways to access Kibana here are some of them that I found:-
- Use an SSH tunnel. For information on how to do this :- https://aws.amazon.com/premiumsupport/knowledge-center/kibana-outside-vpc-ssh-elasticsearch
Advantages: Provides a secure connection over the SSH protocol. All connections use the SSH port. Disadvantages: Requires client-side configuration and a proxy server.
- Use an NGINX Proxy. For information on how to do this, please visit reference :- https://aws.amazon.com/premiumsupport/knowledge-center/kibana-outside-vpc-nginx-elasticsearch
Advantages: Setup is easier, because only server-side configuration is required. Uses standard HTTP (port 80) and HTTPS (port 443). Disadvantages: Requires a proxy server. The security level of the connection depends on how the proxy server is configured.
Upvotes: 0
Reputation: 787
to access Kibana, it seems the only way is pass proper header with your requests to.
We solved it by using https://github.com/abutaha/aws-es-proxy - its not niciest, but works for us.
- requires to have aws-cli installed
- requires to do bit of setup, but works well afterwards
hope it helps
Upvotes: 2
Related Questions
- How do I create an AWS VPC Endpoint for Elasticsearch?
- Elasticsearch in a custom VPC
- AWS Elasticsearch VPC connectivity
- How to public access of Elastic vpc endpoint
- Connect to Elasticsearch Service from Lambda in the same VPC
- Accessing AWS Elasticsearch VPC endpoint through VPC peering
- Access Elastic Search internet endpoint only from my VPC/Subnets
- Enable remote access from one custom IP to Elasticsearch cluster
- Amazon AWS elasticsearch Kibana access from browser
- Kibana cannot talk to Elasticsearch cluster in VPC