We are using Amazon Elasticsearch, and the client which is accessing this service is running on an EC2 machine. For security purposes, we are using IP-based security, so we have given the EC2 machine's IP in the ES security policy. Now the EC2 infrastructure has started using auto-scaling, so we are in trouble because the new machines are not able to access the ES service.

How do we set the access policy so that new machines are able to access the ES service?

We don't want to open the ES service publicly.

We can't use the access ID/secret mechanism.

The ARN is not working for this, as it is for user access.

Deepesh Uniyal
  • Why do you think ARN is for user access? – Jakub Kania Sep 18 '18 at 06:32
  • Hi @JakubKania, we have taken the ARN of the target group (EC2 application load balancer), then we go to ES -> Modify access policy -> Allow or deny access to one or more AWS account, set the ARN, but it's giving the error. Attached: https://drive.google.com/open?id=125dhC4KfzLKeF5yp1GvaS6-fweNkbbe0, https://drive.google.com/open?id=1D1Gw1RE6iAb6tjVO0tFrHS4CBt0_UBEi – Deepesh Uniyal Sep 18 '18 at 06:52