TechQA.

Access AWS Elasticsearch from AWS Beanstalk

1k views Asked by At

I have an Elasticsearch Service instance on AWS and an Elastic Beanstalk one.

I want to give read-only access to beanstalk however beanstalk doesn't have a static ip address be default and with a bit of googling it is too much trouble to add one.

I therefore gave access to the aws account but that doesnt seem to work. I am still getting the error:

"User: anonymous is not authorized to perform: es:ESHttpPost

When I set it to public access everything works so I am certain I am doing something wrong here:

{
 "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxx:root"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-central-1:xxx:domain/xxx-elastic-search/*"
    }
  ]
}
amazon-web-services elasticsearch amazon-elastic-beanstalk aws-elasticsearch aws-access-policy
Original Q&A
1

There are 1 answers

2
Sid Malani On

Use identity-based policy such as this instead of IP whitelists.

{
 "Version": "2012-10-17",
 "Statement": [
  {
   "Resource": "arn:aws:es:us-west-2:111111111111:domain/recipes1/*",
   "Action": ["es:*"],
   "Effect": "Allow"
  }
 ]
}

Then attach it to the Elastic Beanstalk role. Read more here

https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

Related Questions in AMAZON-WEB-SERVICES

Related Questions in ELASTICSEARCH

Related Questions in AMAZON-ELASTIC-BEANSTALK

Related Questions in AWS-ELASTICSEARCH

Related Questions in AWS-ACCESS-POLICY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions