Cannot connect to Elasticsearch EC2 port 9200 using public ip

Question

I'm having problems trying to connect to Elasticsearch (ES) on an EC2 instance from my local linux box via the EC2 instance public ip i.e. curl [PUBLIC_IP]:9200

I followed the steps in this guide: https://github.com/miztiik/elk-stack/tree/master/ElasticSearch.

My ES version is 6.8.9

Here's what's working and what's not:

• On ES EC2 instance: curl localhost:9200 works
• On another instance with same VPC: curl [PUBLIC_IP]:9200 works
• On my local linux box: curl [PUBLIC_IP]:9200 doesn't work, however telnet [PUBLIC_IP] 9200 works i.e. it connects and gives me the escape character '^]'

My /etc/elasticsearch/elasticsearch.yml config has the following:

http.enabled: true
http.port: 9200
network.host: 0.0.0.0
http.cors.allow-origin: "*"
http.cors.enabled: true

There is only one (new) security group attached to the EC2 instance, which has the following inbound rules:

I also confirmed that the EC2 instance is in a public subnet i.e. connected to an internet gateway.

Thanks for any help.

Update

I also installed Apache httpd on the instance and rechecked everything. Here is the current state of things:

• I can ping, telnet and connect to the web server (:80) from the outside.
• I cannot connect to Elasticsearch (:9200) or Kibana (:5601) from the outside. All these I can however do within the VPC from another instance.

Answer 1

This sounds firewall related. Check on the ECE2 security group and either modify the default Sec group or create new one and associate it with your instance. For a test, modify your inbound as for your port as:

0.0.0.0/0 IPv4

And set network host as follows

network.host: _ec2 # if using the plugin

Otherwise

network.host: "{elastic_ip}”

If your ece2 instance doesn’t have public dns, you will have to edit your/etc/hosts file and add the IP address of your instance

network.bind_host

This specifies which network interface(s) a node should bind to in order to listen for incoming requests. A node can bind to multiple interfaces, e.g. two network cards, or a site-local address and a local address. Defaults to network.host.

network.publish_host The publish host is the single interface that the node advertises to other nodes in the cluster, so that those nodes can connect to it. Currently an Elasticsearch node may be bound to multiple

https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html

https://discuss.elastic.co/t/elasticsearch-only-accessible-from-localhost/65782/3

https://www.elastic.co/blog/running-elasticsearch-on-aws

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#describing-security-group

How do I enable remote access/request in Elasticsearch 2.0?