0

I have created a ES cluster on AWS Elasticsearch service with the following configuration (in Terraform format, but the general configuration should be readable by human easily)

resource "aws_elasticsearch_domain" "es" {
  domain_name           = "tf-test"
  elasticsearch_version = "5.1"
  cluster_config {
    instance_type = "t2.small.elasticsearch"
  }

  ebs_options {
    ebs_enabled = "true"
    volume_type = "gp2"
    volume_size = "15"

  }

  advanced_options {
    "rest.action.multi.allow_explicit_index" = "true"
  }

  access_policies = <<CONFIG
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "my-ipv4/32"
          ]
        }
      },
      "Resource": "arn:aws:es:eu-central-1:my-account-id:domain/tf-test/*"
    }
  ]
}
CONFIG
}

and try to insert document with

curl -v -XPUT my-endpoint:9200/movies/movie/tt0116996 -d '{"name":"John Doe"}'

it returns error:

curl: (7) Failed to connect to my-endpoint port 9200: Operation timed out

The same with command:

curl 'my-endpoint:9200/_cat/health?v'
Andrei Stefan
  • 51,654
  • 6
  • 98
  • 89
Hello lad
  • 17,344
  • 46
  • 127
  • 200

1 Answers1

0

sounds like curl is failing to connect. this is likely from the access control settings of elasticsearch. check out https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-gsg-configure-access.html

you can verify this by issuing a telnet to see if you connect to a tcp socket:

telnet my-endpoint 9200

you should see something like (sub your ip and servername):

Trying 123.123.123.123...
Connected to my-endpoint
Escape character is '^]'.

if you don't connect - it's access control.

Nik Wehr
  • 11
  • 1