How to public access of Elastic vpc endpoint

Question

I have create elastic service in AWS with Dev Testing(t2 small)

Detials shown below

VPCvpc-7620c30b
Security Groups
sg-7e9b1759
IAM RoleAWSServiceRoleForAmazonElasticsearchService
AZs and Subnets
us-east-1e: subnet-2f100a11

How to access my VPC endpoint https://vpc-xxx.us-east-1.es.amazonaws.com access from outside.

Kibana is below : https://vpc-xx.us-east-1.es.amazonaws.com/_plugin/kibana/

I am not running on Ec2 instance

Answer 1

From docs:

To access the default installation of Kibana for a domain that resides within a VPC, users must have access to the VPC. This process varies by network configuration, but likely involves connecting to a VPN or managed network or using a proxy server.

One way of setting up the proxy server has been explained in detail in the recent AWS blog post:

• How do I use an NGINX proxy to access Kibana from outside a VPC that's using Amazon Cognito authentication?

The instruction could also be adapted to not using Congnito.

Extra links, with other, probably easier setup with ssh tunnels:

• How to connect to AWS Elasticsearch cluster from outside of the VPC

• How To: Access Your AWS VPC-based Elasticsearch Cluster Locally

• SSH Tunnel Access to AWS ElasticSearch Domain and Kibana | Howto

• How can I use an SSH tunnel to access Kibana from outside of a VPC with Amazon Cognito authentication?

Answer 2

VPC endpoints are not accessible directly from outside of the VPC.

If you want to allow this you will need to use a proxy instance in your VPC that can connect to the VPC endpoint, then proxy all requests through the EC2 instance in order to access the endpoint.

More information is available here.