shantanuo

Reputation: 32306

AWS elasticsearch service with open access

I have this template that was working till February.

https://datameetgeobk.s3.amazonaws.com/cftemplates/EyeOfCustomer_updated.yaml.txt

Something related to Fine Grained access changed and I get the error...

Enable fine-grained access control or apply a restrictive access policy to your domain (Service: AWSElasticsearch; Status Code: 400; Error Code: ValidationException

This is just a test server and I do not want to protect it using Advanced security options.

Upvotes: 2

Views: 1127

Answers (1)

mailtobash

Reputation: 2477

The error you receive is because Amazon enabled fine-grained access control as part of its release in February 2020.
You can enable VPCOptions for the cluster, create a subnet + security group, and allow access through that security group. Add the VPC ID as a parameter, say pVpc (the default VPC in this case).

  1. Add vpc parameter

      # Goes under the template's Parameters section
      pVpc:
        Description: VPC ID
        Type: String
        Default: default-xxadssad  # your default vpc id

  2. Add subnet & security group

      # Both resources go under the template's Resources section
      ESSubnetA:
        Type: AWS::EC2::Subnet
        Properties:
          VpcId: !Ref pVpc
          # First availability zone of the region the stack is deployed in
          AvailabilityZone: !Sub "${AWS::Region}a"
          # pVpcCIDR must also be declared under Parameters
          CidrBlock: !Ref pVpcCIDR
          Tags:
            - Key: Name
              Value: es-subneta

      ESSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: SecurityGroup for Elasticsearch
          VpcId: !Ref pVpc
          # HTTPS only; the source range is any IPv4 address
          SecurityGroupIngress:
            - FromPort: '443'
              IpProtocol: tcp
              ToPort: '443'
              CidrIp: 0.0.0.0/0
          Tags:
            - Key: Name
              Value: es-sg

  3. Enable VPCOptions

      # Goes under the Properties of the Elasticsearch domain resource
      VPCOptions:
        SubnetIds:
          - !Ref ESSubnetA
        SecurityGroupIds:
          - !Ref ESSecurityGroup

Upvotes: 2
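An added example, not part of the original question or answer: a Python check that flags access-policy statements of the open kind the error message asks you to replace with a restrictive policy, so a template can be reviewed before deployment. It is an approximation and not AWS's own validation logic; the policy documents, account ID, domain name and IP range are constructed placeholders.

```python
import json

ANY_IP = {"*", "0.0.0.0/0"}  # source values that match every caller

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _any_principal(principal):
    """True when the Principal element matches every caller."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def _restricts_source(condition):
    """True when an IpAddress / aws:SourceIp condition narrows the callers.
    Assumption of this check: only a source-IP condition counts as a restriction."""
    ips = _as_list((condition or {}).get("IpAddress", {}).get("aws:SourceIp", []))
    return bool(ips) and not ANY_IP.intersection(ips)

def open_statements(policy_json):
    """Indexes of Allow statements that any caller from any address can use."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [i for i, st in enumerate(statements)
            if st.get("Effect") == "Allow"
            and _any_principal(st.get("Principal"))
            and not _restricts_source(st.get("Condition"))]

# Constructed sample policies (placeholder account ID and domain name).
RESOURCE = "arn:aws:es:us-east-1:111122223333:domain/example-domain/*"

def _policy(condition=None):
    st = {"Effect": "Allow", "Principal": {"AWS": "*"},
          "Action": "es:*", "Resource": RESOURCE}
    if condition:
        st["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [st]})

OPEN_POLICY = _policy()
IP_LIMITED_POLICY = _policy({"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}})
ANY_IP_POLICY = _policy({"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}})

if __name__ == "__main__":
    for name in ("OPEN_POLICY", "IP_LIMITED_POLICY", "ANY_IP_POLICY"):
        print(name, "open statements:", open_statements(globals()[name]))
```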
