@David Severski Thanks for the input.
I've actually encountered the issue, when my security group was closed for the world and the private IPs were not stated in the security group rules. I had no idea why the cloud-aws does not connect to the hosts, because the public IPs were there. I've stated that issue in the article. However I agree with you, the cluster should not be available from the world.

On Fri, Aug 15, 2014 at 3:32 PM, David Severski <[email protected]> wrote:

> Thanks for collecting this information together! A couple points for tweaking:
>
> 1) Instead of hard coding the IAM credentials into the file, associate the instances with an IAM role. cloud-aws will use those automatically and AWS will handle key rotation for you.
> 2) You are launching all the instances into the same availability zone. That greatly reduces the ability of the cluster to tolerate an AWS outage. Stick each of your three nodes in a different availability zone and you'll be much better off.
> 3) EC2-Classic is deprecated. Demonstrating use of VPC would be helpful.
> 4) I encourage AWS hosts _not_ to be named. Users should plan for hosts to come and go. This means no-unique host names and hard coded IPs. AWS is ephemeral infrastructure and ES, as a cluster app, is very happy playing in this space.
>
> and the big one...
>
> 5) Your security group looks to open ES to the world. DON'T DO THIS! There's been a tremendous amount of angst recently from ES clusters getting owned via open tcp/9200 and these security groups look to open your cluster to the entire internet. There's no need for that. cloud-aws will work with private IPs just fine.
>
> David
>
> On Thursday, August 14, 2014 10:13:34 AM UTC-7, Pavel P wrote:
>>
>> Hi everyone,
>>
>> Below you can find one big article, summing up all my experience of building the cluster on AWS.
>> When I started I had no information at all, but I found the needed pieces in different places, including this user group.
>>
>> With your help I succeeded, and want to share the knowledge, that newcomers would find everything in one place.
>>
>> Elasticsearch cluster on AWS. Part 1 - preparing the environment. <http://pavelpolyakov.com/2014/08/13/elasticsearch-cluster-on-aws-part-1-preparing-environment/>
>> Elasticsearch cluster on AWS. Part 2 - configuring the elasticsearch. <http://pavelpolyakov.com/2014/08/14/elasticsearch-cluster-on-aws-part-2-configuring-the-elasticsearch/>
>>
>> Hope it would help someone!
>>
>> Regards,

--
Pavel Polyakov
Software Engineer - PHP team
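
Added example, not part of the original thread: a Python check for point 5 in David's list, run over data in the shape that `aws ec2 describe-security-groups` returns. The group IDs and rules in SAMPLE are constructed, and 9200/9300 are assumed to be the Elasticsearch default HTTP and transport ports.

```python
import ipaddress

# Elasticsearch defaults: 9200 = HTTP API, 9300 = node-to-node transport.
ES_PORTS = (9200, 9300)

def covers(perm, port):
    """True if an IpPermissions entry allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means every protocol and port
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(groups):
    """List (group_id, port, source, verdict) for each rule reaching an ES port."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            peers = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            for port in (p for p in ES_PORTS if covers(perm, p)):
                for cidr in cidrs:
                    # A /0 prefix (0.0.0.0/0 or ::/0) matches the whole internet.
                    world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                    verdict = "OPEN_TO_WORLD" if world else "restricted_cidr"
                    findings.append((sg["GroupId"], port, cidr, verdict))
                for gid in peers:          # source is another security group
                    findings.append((sg["GroupId"], port, gid, "security_group"))
    return findings

def exposed(groups):
    """Only the findings that expose Elasticsearch to any address."""
    return [f for f in audit(groups) if f[3] == "OPEN_TO_WORLD"]

# Constructed sample: one world-open group, one self-referencing group, one allow-all.
SAMPLE = [
    {"GroupId": "sg-weak0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9300,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-good0002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9300,
         "UserIdGroupPairs": [{"GroupId": "sg-good0002"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-all0003", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The self-referencing rule in sg-good0002 lets cluster members reach each other on their private IPs without any CIDR opening, which is the arrangement both posters end up agreeing on.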
