如何从 EC2 请求到 elasticsearch 服务？

Question

我是云服务的新手，尤其是 aws，我才刚刚开始了解什么是 VPC 安全组

我试图从 ec2 连接 elasticsearch 服务，但它给我超时错误。我知道一些与安全组相关的事情

访问策略

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxx:root"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:xxxx:xxxxx:domain/xxxxx-es/*"
    }
  ]
}

并且ec2和es服务连接到同一个VPC。我错过了什么？谢谢

Answer 1

您需要修改ELK集群访问策略。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:YOUR_ACCOUNT_ID:domain/YOUR_DOMAIN_NAME/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "172.0.0.0/29",
            "10.0.0.0/16"
          ]
        }
      }
    }
  ]
}

Select 域 -> 修改访问策略

set-access-control-for-amazon-elasticsearch-service

确定您创建 ES 的方式。

When you create a domain, you specify whether it should have a public endpoint or reside within a VPC. Once created, you cannot switch from one to the other. Instead, you must create a new domain and either manually reindex or migrate your data.

es-vpc

Answer 2

推荐第一次使用AWS控制台了解Elastic Search涉及的组件和基本配置步骤

在https://aws.amazon.com/elasticsearch-service/getting-started/?nc=sn&loc=4

中关注link'Get Started With...'

完成后，也许您可以编写云形成脚本来完成相同的操作。

Answer 3

已解决

问题出在安全组上我允许从该实例访问端口 443，它非常有效。

如何从 EC2 请求到 elasticsearch 服务？

How to request from EC2 to elasticsearch service?

amazon-web-services

aws-elasticsearch