How to connect to AWS Elasticsearch cluster from outside of the VPC

murat profile image Murat Bastas ・1 min read

1. Make a tunnel to an EC2 instance that is in the same VPC

ssh -fN -L 9200:youresclusteraddress:443 user@host

It may look ugly, so you can add this to ~/.ssh/config file; add the following content to the file by vim ~/.ssh/config

Host myestunnel
  HostName host
  User user
  IdentitiesOnly yes
  IdentityFile ~/.ssh/sshkeyfile
  LocalForward 9200 youresclusteraddress:443

And then run:

ssh myestunnel -fN # with -f for "fork into background" and -N for "run no command"

Check the connection by:

curl -k https://localhost:9200/_cat/health

Or open https://localhost:9200/_cat/health in browser.

If you see something like this (1574240905 01:08:25 846366659123:clustername green 2 5 4 6 0 0 0 0 - 100.0%) that means it's working well.

You may see this, just trust it.


2. Use a beautiful GUI for querying and manage your cluster

There are some GUI applications for Elasticsearch. I like only one of them, it's cerebro.

2.1 Install cerebro

wget https://github.com/lmenezes/cerebro/releases/download/v0.8.5/cerebro-0.8.5.zip
unzip cerebro-0.8.5.zip && mv cerebro-0.8.5 cerebro && cd cerebro

And run:

bin/cerebro -Dhttp.port=9201 -Dhttp.address= -Dplay.ws.ssl.loose.acceptAnyCertificate=true &

Note play.ws.ssl.loose.acceptAnyCertificate=true means no verify SSL.

Open localhost:9201 and connect to https://localhost:9200


Editor guide