AWS Elasticsearch VPC连接 [英] AWS Elasticsearch VPC connectivity
问题描述
我已经在AWS中创建了一个Elasticsearch域.
I've created an Elasticsearch domain in AWS.
它已添加到我的VPC的公共子网中,并且我附加了一个安全组,该安全组目前已完全打开.
It's added to my VPC inside a public subnet and I've attached a security group which is currently completely open.
我还附有此政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:eu-central-1:ACCOUNT_ID:domain/DOMAIN_NAME/*"
}
]
}
我试图在本地访问端点,但似乎不允许.
I am trying to access an endpoint locally but it doesn't seem to be allowed.
例如Kibana网址是:
The Kibana URL for example is:
https://vpc-bla .bla.bla.eu-central-1.es.amazonaws.com/_plugin/kibana/
知道为什么我无法访问该URL吗?
Any idea why I'm not able to access this URL?
推荐答案
经过反复尝试,我发现ES生成的URL是内部的,无法通过安全组轻松地打开到Internet.
After much trial and error, I found the URL generated by ES is internal and cannot be opened to the internet easily via security groups.
相反,我部署了一个简单的nginx代理,该代理将公共DNS请求(例如es.mydns.com
)转发到内部DNS eg vpc....eu-central-1.es.amazonaws.com/_plugin/kibana/
Instead, I deployed an simple nginx proxy which forwarded public DNS requests eg es.mydns.com
to the internal DNS eg vpc....eu-central-1.es.amazonaws.com/_plugin/kibana/
这篇关于AWS Elasticsearch VPC连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!