Web Development

Access AWS ElasticSearch Kibana behind VPC using Node.js

September 01, 2018

When you create AWS ElasticSearch Service behind VPC, you will never find a direct way to access ElasticSearch from outside the local VPC , and the only way to be able to do it, is by using EC2 instance inside this VPC and use this instance as a proxy server that will forward the requsers from your local machine to ElasticSearch service and responses from ElasticSearch to your machine.

I found this approach very simple and fast when I want to access ElasticSearch for doing some tests or for accessing Kibana console. The easiest way from my point of view as a Node.js developer is to use http-proxy , it is very efficient way to create proxy servers.

So , let’s begin with very basic HTTP server on port 8080.

  1. Create AWS EC2 instance inside the VPC.

  2. Access it using SSH and install nodejs version >= 8 and git

  3. Forward ports 80 to 8080 and 443 to 8443 

    sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

  4. Clone this repo 

    git clone https://github.com/enGMzizo/aws-vpc-proxy

  5. Run :

    npm install

    and to start it use this command 

    ELASTIC_URL=https://XXXXXXXX.eu-west-1.es.amazonaws.com  node index.js

    replace https://XXXXXXXX.eu-west-1.es.amazonaws.com with your actual ElasticSearch Service URL or IP Address.

    and then navigate to your instance ip address on your browser http://ipaddress/_plugin/kibana You should be able to see kibana.

Adding domain and support HTTPS

  1. Generate https credentials for your domain name using https://letsencrypt.org/docs and you should have two files private key and certs , You will use these files with your node https server.

  2. Add your domain to your server using AWS Route 53.

  3. Upload your certs files to your server.

  4. Uncomment all the code in index.js and add your uploaded private key and server certs 

    const credentials = {
  key: readFileSync('PATH_TO_KEY', 'utf8'),
  cert: readFileSync('PATH_TO_CERTS', 'utf8')
}

    and re-run 

    ELASTIC_URL=https://XXXXXXXX.eu-west-1.es.amazonaws.com  node index.js

    The node js server should be listning to the port 8443 and it should accept secured connections.

  5. Now you can access your kibana from your domain name 

    https://domain.com/_plugin/kibana
M. Ezzat

Written by M. Ezzat who builds Stuff !!