Reputation: 133
I'm a newbie in cloud services, especially AWS; I'm just starting to understand what VPC security groups are.
I tried to connect to the Elasticsearch service from EC2, but it gives me a TIMEOUT error. I know it's something related to security groups.
Access policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::xxxxxxxxx:root"
          },
          "Action": "es:*",
          "Resource": "arn:aws:es:xxxx:xxxxx:domain/xxxxx-es/*"
        }
      ]
    }
The EC2 and ES services are connected to the same VPC. Did I miss something? Thank you.
Upvotes: 0
Views: 119
Reputation: 133
SOLVED
The problem was with the security groups. I allowed access to port 443 from the instance and it works like a charm.
Upvotes: 1
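The fix in the answer above (inbound TCP 443 on the domain's security group) as an offline check; this is an added example, not code from any poster in the thread. The rule dictionaries follow the shape of `aws ec2 describe-security-groups` output, and the group IDs, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the domain's security group allows SSH from the VPC
# range but has no rule for 443, which is the situation that ends in a timeout.
ES_DOMAIN_SG = {
    "GroupId": "sg-0aaa1111aaaa1111a",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    ],
}

def rule_covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def allows_https_from(sg, instance_ip, instance_sg_ids, port=443):
    """Return the first inbound rule admitting the instance on `port`, else None."""
    addr = ipaddress.ip_address(instance_ip)
    for rule in sg.get("IpPermissions", []):
        if not rule_covers_port(rule, port):
            continue
        # A rule can name a source security group ...
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") in instance_sg_ids:
                return rule
        # ... or a source CIDR range.
        for rng in rule.get("IpRanges", []):
            if addr in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return rule
    return None

def with_https_rule(sg, source_sg_id):
    """Copy of `sg` with an inbound TCP 443 rule scoped to one source group."""
    fixed = dict(sg)
    fixed["IpPermissions"] = sg["IpPermissions"] + [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": source_sg_id}]}]
    return fixed

if __name__ == "__main__":
    ip, sgs = "10.0.1.25", {"sg-0bbb2222bbbb2222b"}  # constructed instance
    print("before:", allows_https_from(ES_DOMAIN_SG, ip, sgs))
    fixed = with_https_rule(ES_DOMAIN_SG, "sg-0bbb2222bbbb2222b")
    print("after: ", allows_https_from(fixed, ip, sgs))
```

Scoping the 443 rule to the instance's security group rather than a broad CIDR keeps the domain reachable only from hosts that carry that group.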
Reputation: 1179
I would recommend using the AWS Console the first time, to understand the components involved in Elasticsearch and the basic configuration steps.
Follow the link 'Get Started With...' at https://aws.amazon.com/elasticsearch-service/getting-started/?nc=sn&loc=4
Once that is done, maybe you can write a CloudFormation script to accomplish the same.
Upvotes: 0
Reputation: 59916
You need to modify the ELK cluster access policy.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "*"
          },
          "Action": "es:*",
          "Resource": "arn:aws:es:us-west-2:YOUR_ACCOUNT_ID:domain/YOUR_DOMAIN_NAME/*",
          "Condition": {
            "IpAddress": {
              "aws:SourceIp": [
                "172.0.0.0/29",
                "10.0.0.0/16"
              ]
            }
          }
        }
      ]
    }
Select Domain -> Modify Access policy
set-access-control-for-amazon-elasticsearch-service
Make sure you know how you created ES.
When you create a domain, you specify whether it should have a public endpoint or reside within a VPC. Once created, you cannot switch from one to the other. Instead, you must create a new domain and either manually reindex or migrate your data.
Upvotes: 0