aws-es with vpc

Question

aws-es with vpc

Closed this issue 4 years ago · 5 comments

Hello,

I just want to know if this proxy is working on aws-es 6.2 with vpc? We've tried it on our machine but unfortunately we can't run it successfully.

Thank you.

Answer 1 · 2018-07-02T11:18:55.000Z

Just been trying to work this out myself, I can't see how it would work with VPC.

Answer 2 · 2018-08-24T15:00:02.000Z

Unless you do something like Direct Connect to make your machine act as though it's part of the VPC this isn't possible.

Your best bet would be to run the proxy on an EC2 and that EC2 be made publicly accessible, but with the extra hop it's likely not worth the trouble. Making the domain public instead of on the VPC and curating a good access policy on the domain should work just fine.

Answer 3 · 2018-11-01T20:29:29.000Z

Did you tried using the latest version and passing '-no-sign-reqs'? This argument will disable signing the requests, making the proxy working with literally any ElasticSearch server.

You also need to have the proxy running on an EC2 instance that is part of ElasticSearchs's VPC. If you want to run from your local machine, you will have to use VPN. Either VPC VPN or install a VPN server in an EC2 instance that is resident of the same VPC of ElasticSearch.

Please test and let me know.

Thanks,

Answer 4 · 2018-11-01T20:42:30.000Z

I just remembered that you can use SSH to tunnel the traffic from your local machine to an EC2 instance without the need of a VPN.

I didn't try this, but I think it works:

Create the SSH tunnel to listen on port 8888

ssh -i .pem -D 8888 ubuntu@ec2-ip

Configure your terminal to use the tunnel:

export HTTP_PROXY="ec2-ip:8888"

run aws-es-proxy

Answer 5 · 2018-12-03T14:17:58.000Z

This article worked for me using ES behind a VPN. I had an ec2 instance running NGINX as a reverse proxy.

https://sysadmins.co.za/aws-access-kibana-5-behind-elb-via-nginx-reverse-proxy-on-custom-dns/

In my case I am access via a subdirectory https://domain.com/kibana

      location /kibana {
        proxy_set_header Host vpc-foo.us-east-1.es.amazonaws.com;

        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        proxy_set_header Authorization "";

        proxy_pass https://vpc-foo.us-east-1.es.amazonaws.com/_plugin/kibana/;
        proxy_redirect https://vpc-foo.us-east-1.es.amazonaws.com/_plugin/kibana/ https://domain.com/kibana/;
      }

      location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
         proxy_pass              https://vpc-foo.us-east-1.es.amazonaws.com;
         proxy_set_header        Host $host;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;
         proxy_set_header        X-Forwarded-Host $http_host;
    }