Wow! It really works. Thank you, pal
Thanks for this great tutorial! I could connect to my OpenSearch instance in my VPC. You rock!
Thank you for your video. I had some problems connecting; I figured out that my EC2 instance security group has to be set as an inbound security group of the ES in order to access the Elasticsearch service.
Absolutely awesome video. Totally helped. Thanks!
Thanks for your video... helped me a lot!
Thanks a lot for this video. I was struggling to establish a connection to my Elasticsearch inside a VPC and this video was very helpful.
I'm glad it helped.
@acetuts5851 I have an OpenSearch dashboard and a Windows EC2 instance in the same VPC, but I am still not able to access the OpenSearch dashboard.
Are you getting any errors?
Thank you very much, it worked!!
Any plan to add a video on how to access Kibana with VPC access using production Kibana configurations? This is a great start, but I am trying to figure out how to do this in production for SAML-authenticated users to access the Kibana endpoint.
Thank you so much for the great video! How do you access it through SSO within a VPC enabled?
I have set up OpenSearch in a private subnet and launched an EC2 instance in a public subnet. But when I try to connect, it is not working. Can you please tell me which inbound and outbound security rules you configured?
Why do we need to access through a bastion host instead of direct access?
The bastion is on the same network as the cluster. Unless you are on the same network, this is the only way to access the Kibana dashboard for a VPC-enabled Elasticsearch cluster.
I have an OpenSearch dashboard and a Windows EC2 instance in the same VPC, but I am still not able to access the OpenSearch dashboard.
Thanks for the wonderful video. How can we enable usernames and passwords for the bastion host, as we don't want to share pem files across?
This article should help: aws.amazon.com/premiumsupport/knowledge-center/new-user-accounts-linux-instance/
You can just add the individual users' public keys to their profile and they can use that to connect.
Can you show the configuration of the security group you selected?
The group I used for testing had open permissions.
Can this approach work with a self-deployed ES cluster, Kibana in a private subnet and the bastion in a public subnet?
Yes, this process should work. Have you tried it?
Hello Sir,
When I do ssh -N estunnel, nothing happens. The terminal gets stuck and is blank.
Did I miss anything?
Hey, that’s what should happen. Have you tried to browse to the URL?
Hi,
Does it work if my ES domain performs authentication based on an IAM role (i.e. required to sign the request)?
Hi, are you referring to the ES access policy? It should do; however, I haven’t tested it this way. Give it a try and let me know how it goes.
Hello, I have a query related to AWS ECS.
I’ve responded to you on Discord.
I followed the steps, but I have a problem with the AWS Cognito login for Kibana. It redirects me to the VPC, so I was able to access Kibana, but I have the same problem after the login process.
Yeah, this is an issue when using Cognito. The reason is that when you first browse to the localhost URL, it browses you to the correct URL, which takes you to the login; however, once you log in, Cognito then redirects you to the actual endpoint URL, which won’t work because you're not on the same network.
This is an issue I also faced, and I also tried adding the localhost URL to the callback URL settings in Cognito, but still no luck. I would advise removing Cognito. You can create individual user profiles on the bastion host for other members, and this will be secure enough, as only the people who have access to the credentials will be able to connect. If I find a way to integrate this using Cognito I will make a vid on it. Hopefully this helps.
Hi,
I am using Windows. How can I access VPC-enabled Elasticsearch on Windows?
You can use PuTTY. Search how to configure tunnelling in PuTTY.
When I debug it, it gets stuck at port 9200.
Hi, please make sure that you are allowing access to all the ports you are using in the security group.
Hi, I am getting root@estunnel: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). after following your steps. Can you please help me?
That sounds as if you need to edit your ssh config file on your server.
Open and edit this file: ‘/etc/ssh/ssh_config’
Then look for the ‘PasswordAuthentication’ option and if this is set to ‘no’ then change it to ‘yes’.
Save and run the below command:
sudo systemctl restart sshd
@acetuts5851 I did, but I am still getting the same error. By the way, let me make one thing clear: my pem file is in the Downloads folder and I created the config file for estunnel in the same folder.
Have you tried to move it to your ssh folder? Also make sure that the file permission is correct. It should be 400.
@acetuts5851 Yes, I gave it as 400, and let me try putting it in the folder. Can you help me by giving the full path of the ssh folder?
Have you configured an ssh profile before? If so, then the full path for an ssh directory should be ‘~/.ssh’.
When I try to connect, it loads an empty page.
What page is empty? The terminal or the browser?