Connect to AWS Lighsail instance on port 9200 from AWS Lambda

Question

I'm trying to setup elasticsearch on my AWS lightsail instance, and got it running on port 9200, however I'm not able to connect from AWS lambda to the instance on the same port. I've updated my lightsail instance level networking setting to allow port 9200 to accept traffic, however I'm neither able to connect to port 9200 through the static IP, nor I'm able to get my AWS lambda function to talk to my lightsail host on port 9200.

I understand that AWS has separate Elasticsearch offering that I can use, however I'm doing a test setup and need to run vanilla ES on the same lightsail host. The ES is up and running and I can connect to it through SSH tunnel, however it doesn't work when I try to connect using the static IP or through another AWS service.

Any pointers shall be appreciated.

Thanks.

No it isn't inside a vpc. As a simple test, should I not be able to connect :9200 from my local browser if port 9200 is open? — Sanjay Verma, Sep 13 '18 at 05:13

Sky · Answer 1 · 2018-09-14T05:34:48.797

Update elasticsearch.yml

  network.host: _ec2:privateIpv4_

We are running multiple version of elaticsearch cluster on AWS Cloud:

elasticsearch-2.4 cluster elasticsearch.yml(On classic ec2 instance --i3.2xlarge )

cluster.name: ES-CLUSTER

node.name: ES-NODE-01

node.max_local_storage_nodes: 1

node.rack_id: rack_us_east_1d

index.number_of_shards: 8

index.number_of_replicas: 1

gateway.recover_after_nodes: 1

gateway.recover_after_time: 2m

gateway.expected_nodes: 1

discovery.zen.minimum_master_nodes: 1

discovery.zen.ping.multicast.enabled: false

cloud.aws.access_key: ***

cloud.aws.secret_key: ***

cloud.aws.region: us-east-1

discovery.type: ec2

discovery.ec2.groups: es-cluster-sg

network.host: _ec2:privateIpv4_

elasticsearch-6.3 cluster elasticsearch.yml(Inside VPC & i3.2xlarge instance)

cluster.name: ES-CLUSTER

node.name: ES-NODE-01

gateway.recover_after_nodes: 1

gateway.recover_after_time: 2m

gateway.expected_nodes: 1

discovery.zen.minimum_master_nodes: 1

discovery.zen.hosts_provider: ec2

discovery.ec2.groups: vpc-es-eluster-sg

network.host: _ec2:privateIpv4_

path:
  logs: /es-data/log
  data: /es-data/data

discovery.ec2.host_type: private_ip

discovery.ec2.tag.es_cluster: staging-elasticsearch  
discovery.ec2.endpoint: ec2.us-east-1.amazonaws.com

I recommend don't open port 9300 & 9200 for outside. Allow only EC2 instance to communicate with your elaticsearch.

Now how to access elasticsearch from my local box?

Use tunnelling(port forwarding) from your system using this command:

  $ ssh -i es.pem ec2-user@es-node-public-ip -L 9200:es-node-private-ip:9200 -N

It is like, you are running elasticsearch on your local system.

score 0 · Answer 2 · answered Mar 23 '19 at 21:27

I might be late to the party, but for anyone still struggling with this sort of problem should know that new versions of elastic search bind to localhost by default as mentioned in this answer to override this behavior you should set:

network.bind_host: 0

to allow the node to be accessed outside of localhost

Connect to AWS Lighsail instance on port 9200 from AWS Lambda

2 Answers2