AWS have recently announced VPC Support for Amazons Elasticsearch Service, which is a big win!
The official announcement:
Elasticsearch Private IP Based Authorization:
This essentially means that you can now allow private IP Addresses within your VPC via your Elasticsearch Service Policy, where in the past, especially if you would like to allow IP Based Access, you would had to either use a Reverse Proxy like Nginx, or when it comes to IAM Based Access, you had to allow requests via IAM User/Role, but then each request need to be signed, which makes it difficult in some cases.
Previous Workarounds:
I have covered how to setup a Nginx Reverse Proxy for Elasticsearch, which can be found on this post
VPC Selection on Amazons Elasticsearch Service:
When you setup a new Elasticsearch Search Domain on AWS, you will find after specifying your Elasticsearch Version, you will be presented with a VPC, Subnet and Security Group Selection, which will look like the screenshot below:
Now you can really fine grain your security by allowing private traffic to Elasticsearch.
Further Reading:
More information on this can be found on the AWS Blog Post: amazon-elasticsearch-service-now-supports-vpc
Comments