September 01, 2018
When you create AWS ElasticSearch Service behind VPC, you will never find a direct way to access ElasticSearch from outside the local VPC , and the only way to be able to do it, is by using EC2 instance inside this VPC and use this instance as a proxy server that will forward the requsers from your local machine to ElasticSearch service and responses from ElasticSearch to your machine.
I found this approach very simple and fast when I want to access ElasticSearch for doing some tests or for accessing Kibana console. The easiest way from my point of view as a Node.js developer is to use http-proxy , it is very efficient way to create proxy servers.
Create AWS EC2 instance inside the VPC.
Access it using SSH and install nodejs version >= 8 and git
Forward ports 80 to 8080 and 443 to 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Clone this repo
git clone https://github.com/enGMzizo/aws-vpc-proxy
Run :
npm install
and to start it use this command
ELASTIC_URL=https://XXXXXXXX.eu-west-1.es.amazonaws.com node index.js
replace https://XXXXXXXX.eu-west-1.es.amazonaws.com
with your actual ElasticSearch Service URL or IP Address.
and then navigate to your instance ip address on your browser http://ipaddress/_plugin/kibana
You should be able to see kibana.
Generate https credentials for your domain name using https://letsencrypt.org/docs and you should have two files private key and certs , You will use these files with your node https server.
Add your domain to your server using AWS Route 53.
Upload your certs files to your server.
Uncomment all the code in index.js and add your uploaded private key and server certs
const credentials = {
key: readFileSync('PATH_TO_KEY', 'utf8'),
cert: readFileSync('PATH_TO_CERTS', 'utf8')
}
and re-run
ELASTIC_URL=https://XXXXXXXX.eu-west-1.es.amazonaws.com node index.js
The node js server should be listning to the port 8443
and it should accept secured connections.
Now you can access your kibana from your domain name
https://domain.com/_plugin/kibana
Written by M. Ezzat who builds Stuff !!