For your IP-based access policy, "Allow access to the domain from specific IP(s)", have you added the public Elastic IP address that is assigned to your NAT Gateway?
To confirm, the ECS cluster is running in a private subnet in one VPC and the Elasticsearch cluster in another private subnet in a different VPC, and you want the ECS cluster to communicate with the Elasticsearch endpoint over private IP address space without going across the public internet?
If yes, do both VPCs have non-overlapping CIDR blocks? If yes, I would recommend reading up on how to set up AWS VPC Peering. More info available here:
If this is not what you wanted, let me know.
Thank you Randy for your answer.
So basically the ES is running not on VPC access but on public access, and secured via an IP policy.
However, ECS is running in our VPC on private subnets.
When I describe my ES domain I can't see any information about the VPC, subnets and AZs.
aws es describe-elasticsearch-domain --domain-name xxxxxx
How do I get the information about the ES domain running with public access? When I set up the ES domain I did not find any option to select the VPC, so does that mean it runs on the default VPC?
If your requirements allow you to have Elasticsearch running in a VPC, I would highly recommend that you re-install or migrate the data from a public endpoint to a VPC so that you don't have to traverse the internet to use Elasticsearch. Note: "When you create a domain, you specify whether it should have a public endpoint or reside within a VPC. Once created, you cannot switch from one to the other. Instead, you must create a new domain and either manually reindex or migrate your data. Snapshots offer a convenient means of migrating data."
When initially creating your Domain, step 12 in the following link shows:
For simplicity in this tutorial, we recommend an IP-based access policy. On the Set up access page, in the Network configuration section, choose Public access.
Here is where you can choose the VPC option instead of Public access.
So, let me know if you want help to troubleshoot the current configuration, or if you want to re-install/migrate to the VPC and then see if that works.
Yeah, I am well aware of the VPC-based access Elasticsearch, but the problem is that not all of our infrastructure is migrated to AWS completely.
We are in the middle of the migration and we still need at least around 6 months to be completely in AWS. And since we are using Elasticsearch public access that is running on our on-premise application, it is not possible at the moment.
And if I am correct, we cannot access VPC-based Elasticsearch from outside the VPC. Let me know if we can somehow access VPC-based Elasticsearch outside the VPC as well, so our non-AWS applications can still use and access it.
Anyway, thanks for the information. So I think the best would be to wait until we have everything inside the AWS environment and then migrate to a VPC-based ES cluster.
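The check raised in the first reply (is the NAT Gateway's public Elastic IP covered by the domain's IP-based access policy?), as an added example that is not part of the original posts. The policy, account ID, domain name and all addresses below are constructed; the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample: an IP-based access policy of the kind used on a public-access domain.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "es:ESHttp*",
        "Resource": "arn:aws:es:us-east-1:111122223333:domain/example-domain/*",
        "Condition": {"IpAddress": {"aws:SourceIp": ["198.51.100.0/24", "203.0.113.25"]}},
    }],
})


def allowed_networks(policy_json):
    """Networks under aws:SourceIp in Allow statements (Deny and other conditions are not evaluated)."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    networks = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for operator, keys in stmt.get("Condition", {}).items():
            if operator.lower() != "ipaddress":
                continue
            for key, value in keys.items():
                if key.lower() != "aws:sourceip":
                    continue
                values = [value] if isinstance(value, str) else value
                networks += [ipaddress.ip_network(v, strict=False) for v in values]
    return networks


def source_ip_allowed(policy_json, source_ip):
    """True if source_ip falls inside any network the policy allows."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in allowed_networks(policy_json))


if __name__ == "__main__":
    # Constructed addresses: the public endpoint sees the NAT EIP, never the task's private IP.
    for label, ip in [("task private IP", "10.0.12.34"), ("NAT Gateway EIP", "203.0.113.25")]:
        print(f"{label:16} {ip:15} allowed={source_ip_allowed(SAMPLE_POLICY, ip)}")
```

To check a real domain, pass in the `DomainStatus.AccessPolicies` string from the `describe-elasticsearch-domain` output in place of `SAMPLE_POLICY`.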