Accessing ElasticSearch on EC2 instance from outside the cloud

I am trying to access my ElasticSearch on a running EC2 instance from outside the Cloud. I currently have SSH/HTTP/HTTPS open to the public for inbound traffic as well as all open for outbound traffic. I set up a public IP for my EC2 instance as well.

By default ElasticSearch is on port 9200. I'm not sure if I configured my elasticsearch.yml file correctly, but it basically has the default configuration; I only changed the cluster.name to something else.

When I type in my public IP with port 9200 into my local browser or locally do a telnet {public-ip} 9200, there is no response. When I SSH into my EC2 instance, I can perform a curl localhost:9200 and I get the correct response from elasticsearch.

How can I connect to my ElasticSearch running on my EC2 instance from outside the cloud?

I added a Custom Rule for my security group for inbound traffic that includes port 9200 and is open to 0.0.0.0/0, and I still cannot access this EC2 instance.

Liondancer asked Nov 19 '22 19:11


1 Answer

Potential issues to check are wrong binding and instance operating system firewall.

Check where elasticsearch is binding: if it is binding to 127.0.0.1, you won't be able to reach it from the outside.

Check the binding by running in one shell on the elasticsearch EC2 instance:

sudo netstat -lptun | grep 9200

If it shows 127.0.0.1:9200 then there is a misconfiguration; if it otherwise shows *:9200 or :9200 then it is correct.

If it shows 127.0.0.1 then you should modify the elasticsearch parameter network.bind_host as described in: https://www.elastic.co/guide/en/elasticsearch/reference/1.4/modules-network.html

Additionally, HTTP/HTTPS and SSH are usually allowed by the default operating system firewall, whereas elasticsearch 9200 is not. This is usually the case for RHEL and CentOS. You can temporarily disable iptables and check if it works.

To disable iptables run:

sudo iptables -F

If after disabling iptables the connection works, you should configure iptables to allow connections on 9200.

I hope this helps.

G.

Girolamo Piccinni answered Apr 28 '23 15:04
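The two checks from the answer above, as an added example that is not part of the original answer: it classifies where port 9200 is bound from `netstat -lptun` output and, once the bind is correct, prints a source-restricted iptables rule for the "allow connections on 9200" step. The function names, the sample netstat lines and the 203.0.113.7/32 admin address are constructed for illustration, and refusing a world-open source is a choice of this example.

```bash
#!/usr/bin/env bash
# Added example; sample netstat lines and addresses are constructed.

# classify_bind PORT: reads `netstat -lptun` lines on stdin and prints
#   none      nothing listens on PORT
#   loopback  only 127.0.0.0/8 or ::1 (unreachable from outside the host)
#   all       wildcard bind (0.0.0.0, :: or *)
#   specific  bound to a single non-loopback address
classify_bind() {
  local port="$1" result="none" proto rq sq addr rest
  while read -r proto rq sq addr rest; do   # 4th column = local address
    case "$addr" in
      0.0.0.0:"$port"|:::"$port"|\*:"$port")
        result="all" ;;
      127.*:"$port"|::1:"$port"|::ffff:127.*:"$port")
        if [ "$result" = "none" ]; then result="loopback"; fi ;;
      *:"$port")
        if [ "$result" != "all" ]; then result="specific"; fi ;;
    esac
  done
  printf '%s\n' "$result"
}

# allow_rule PORT CIDR: prints (does not run) a rule admitting PORT only
# from CIDR. A world-open source is refused: anyone who can reach 9200
# can query the node unless an authentication layer sits in front of it.
allow_rule() {
  local port="$1" cidr="$2"
  case "$cidr" in
    ""|0.0.0.0/0|::/0)
      echo "refusing world-open source for port $port" >&2
      return 1 ;;
  esac
  printf 'iptables -I INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$cidr" "$port"
}

# Constructed captures: one loopback-only bind, one wildcard bind.
SAMPLE_LOOPBACK='tcp   0  0 127.0.0.1:9200  0.0.0.0:*  LISTEN  1234/java'
SAMPLE_WILDCARD='tcp6  0  0 :::9200         :::*       LISTEN  1234/java'

for capture in "$SAMPLE_LOOPBACK" "$SAMPLE_WILDCARD"; do
  state=$(printf '%s\n' "$capture" | classify_bind 9200)
  case "$state" in
    none)     echo "nothing listening on 9200" ;;
    loopback) echo "bound to loopback: set network.bind_host first" ;;
    *)        echo "bind is $state; firewall rule:"; allow_rule 9200 203.0.113.7/32 ;;
  esac
done
```

On the instance itself, feed it live data with `sudo netstat -lptun | classify_bind 9200`; the EC2 security group rule for 9200 can be narrowed to the same source address.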