I'm trying to move an Elasticsearch domain from one VPC to another. The Elasticsearch domain contains two data nodes, each in a different AZ, and I'm using a ZoneAwarenessConfig with enabled set to True.
My update fails with:
The subnets must be in the same VPC. (Service: AWSElasticsearch; Status Code: 400; Error Code: ValidationException; Request ID: 1382cf1e-961a-40c0-b336-c43887d07c73; Proxy: null)
The change is itself is incredibly simple, the diff from the CDK is:
[~] AWS::Elasticsearch::Domain Elasticsearch/DocumentSearch ElasticsearchDocumentSearch78F67497
└─ [~] VPCOptions
└─ [~] .SubnetIds:
└─ @@ -1,8 +1,8 @@
[ ] [
[ ] {
[-] "Ref": "VpcPrivateSubnet1Subnet67A4DBCB"
[+] "Ref": "VpcTempVpcPrivateSubnet1SubnetF8F05905"
[ ] },
[ ] {
[-] "Ref": "VpcPrivateSubnet2SubnetC8EB537D"
[+] "Ref": "VpcTempVpcPrivateSubnet2SubnetFF8C4018"
[ ] }
The new subnets are both in the same VPC. It's hard to read this as anything other than a bug in Cloudformation.
It's also not possible to remove an Elasticsearch domain from a subnet. The update of the AWS::Elasticsearch::Domain fails with:
Internal Failure
The change once again is trivially simple:
[~] AWS::Elasticsearch::Domain Elasticsearch/DocumentSearch ElasticsearchDocumentSearch78F67497
└─ [-] VPCOptions
└─ {"SecurityGroupIds":[{"Fn::GetAtt":,"SubnetIds":}
AWS OFFICIALAktualisiert vor 2 Jahren
Hi yes you were right. I should have post a comment not an answer... Not fully clear how rePost works... don't have any notification... Thanks for the additional info. An interesting issue... here a link with a note at the bottom : https://aws.amazon.com/blogs/aws/amazon-elasticsearch-service-now-supports-vpc ... it seems not possible