12

I am unable to access AWS Elasticsearch Kibana with a browser.

I have set up an Elasticsearch instance within my VPC exactly as described here;

https://aws.amazon.com/blogs/aws/amazon-elasticsearch-service-now-supports-vpc/

I used the default IAM access policy template which is basicaly all current IAM profiles (*)

My EC2 webapp (xenforo forum) is happily connected and chugging away.

I would like to access my elasticsearch domain kibana endpoint via browser from my home PC.

The security group I attached to the cluster configuration includes a rule to allow ALL TCP inbound from my home broadband fixed IP address.

I log into the AWS console, click the Kibana link from the elasticsearch domain overview and... nothing, times out.

I have read everything I can find on the matter. No joy - except perhaps I should be signing my https requests as well which seems crazy complicated and my understanding is that IP access should be configurable with security groups?

Can anyone clarify?

ericTbear
  • 153
  • 1
  • 11
  • Did you get anywhere with this? I have the exact same issue... – timothyclifford Nov 21 '17 at 09:14
  • 2
    Yes & no. Basically one has to be inside the VPC to browser access Kibana. So either connect via VPN, Setup a reverse proxy or use a Amazon Workspace (cloud desktop) attached to the security group. I got these solutions via AWS support. Proxy solution detailed below is probably a pre-configured reverse proxy specifically for elasticsearch. – ericTbear Nov 27 '17 at 03:31
  • OK I'm going to whip up a reverse proxy, will post here when I'm done if you're interested – timothyclifford Nov 27 '17 at 08:17
  • any idea why AWS ELB doesn't work? I tried that with TCP load balancer. – fabiangebert Jan 12 '18 at 16:44
  • Why do AWS always make it so hard! – Kong Jan 24 '18 at 04:41

2 Answers2

2

to access Kibana, it seems the only way is pass proper header with your requests to.

We solved it by using https://github.com/abutaha/aws-es-proxy - its not niciest, but works for us.

  • requires to have aws-cli installed
  • requires to do bit of setup, but works well afterwards

hope it helps

Michal Hatak
  • 797
  • 1
  • 9
  • 21
  • And how do you make sure only you can access it? – Filip Procházka Nov 23 '17 at 14:04
  • 1
    Because its run locally. And its because only 2-3 ppl from our company are accessing Kibana. Its easier to set that for them (with theirs keys), then installing any other tool/server/service somewhere online. I Understand that your use-case could be different though – Michal Hatak Nov 24 '17 at 12:44
0

Hi There are many ways to access Kibana here are some of them that I found:-

  1. Use an SSH tunnel. For information on how to do this :- https://aws.amazon.com/premiumsupport/knowledge-center/kibana-outside-vpc-ssh-elasticsearch

Advantages: Provides a secure connection over the SSH protocol. All connections use the SSH port. Disadvantages: Requires client-side configuration and a proxy server.

  1. Use an NGINX Proxy. For information on how to do this, please visit reference :- https://aws.amazon.com/premiumsupport/knowledge-center/kibana-outside-vpc-nginx-elasticsearch

Advantages: Setup is easier, because only server-side configuration is required. Uses standard HTTP (port 80) and HTTPS (port 443). Disadvantages: Requires a proxy server. The security level of the connection depends on how the proxy server is configured.

Hitesh Subnani
  • 589
  • 8
  • 11