Home > OS >  Create access policy to connect elastic beanstalk to Elasticsearch using IP address
Create access policy to connect elastic beanstalk to Elasticsearch using IP address

Time:11-07

I'm trying to set up access from my AWS Elastic Beanstalk service to AWS OpenSearch service (running elasticsearch).

I initially set an ip address for testing locally, which worked, however I can't find an ip address for my Elastic Beanstalk service in any of its configuration settings.

I was thinking I would completely open up my service for testing, but this doesn't seem to work either.

How can I find / set an ip address for my Elastic Beanstalk service?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "es:*"
      ],
      "Resource": "arn:aws:es:ap-southeast-2:*****:domain/mydomain/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "*"
          ]
        }
      }
    }
  ]
}

CodePudding user response:

If you are using ALB, then you can't have its IP, because ALB's IP address is dynamic. And also, ALB's is used for incoming connections only, not outgoing ones.

To have static IP for your EC2 instances, you would have to use single instance EB env (no load balancer), or place your EB instances in a private subnet, behind a NAT gateway. This would ensure that all your EB instance would use the NAT for the outgoing connections and you would get a static IP address for the NAT, which you could whitelist in your ES policy.

  • Related