@David Severski One more question
> 3) EC2-Classic is deprecated. Demonstrating use of VPC would be helpful.

What do you mean by that?

On Fri, Aug 15, 2014 at 3:39 PM, Pavel P wrote:

> @David Severski
>
> Thanks for the input.
>
> I've actually encountered the issue, when my security group was closed for
> the world and the private IPs were not stated in the security group rules.
> I had no idea why the cloud-aws does not connect to the hosts, because the
> public IPs were there.
> I've stated that issue in the article.
>
> However I agree with you, the cluster should not be available from the
> world.
>
> On Fri, Aug 15, 2014 at 3:32 PM, David Severski wrote:
>
>> Thanks for collecting this information together! A couple points for
>> tweaking:
>>
>> 1) Instead of hard coding the IAM credentials into the file, associate
>> the instances with an IAM role. cloud-aws will use those automatically and
>> AWS will handle key rotation for you.
>> 2) You are launching all the instances into the same availability zone.
>> That greatly reduces the ability of the cluster to tolerate an AWS outage.
>> Stick each of your three nodes in a different availability zone and you'll
>> be much better off.
>> 3) EC2-Classic is deprecated. Demonstrating use of VPC would be helpful.
>> 4) I encourage AWS hosts _not_ to be named. Users should plan for hosts
>> to come and go. This means no-unique host names and hard coded IPs. AWS is
>> ephemeral infrastructure and ES, as a cluster app, is very happy playing in
>> this space.
>>
>> and the big one...
>>
>> 5) Your security group looks to open ES to the world. DON'T DO THIS!
>> There's been a tremendous amount of angst recently from ES clusters getting
>> owned via open tcp/9200 and these security groups look to open your cluster
>> to the entire internet. There's no need for that. cloud-aws will work with
>> private IPs just fine.
>>
>> David
>>
>> On Thursday, August 14, 2014 10:13:34 AM UTC-7, Pavel P wrote:
>>>
>>> Hi everyone,
>>>
>>> Below you can find one big article, summing up all my experience of
>>> building the cluster on AWS.
>>> When I started I had no information at all, but I found the needed
>>> pieces in different places, including this user group.
>>>
>>> With your help I succeeded, and want to share the knowledge, that
>>> newcomers would find everything in one place.
>>>
>>> Elasticsearch cluster on AWS. Part 1 - preparing the environment.
>>> <http://pavelpolyakov.com/2014/08/13/elasticsearch-cluster-on-aws-part-1-preparing-environment/>
>>> Elasticsearch cluster on AWS. Part 2 - configuring the elasticsearch.
>>> <http://pavelpolyakov.com/2014/08/14/elasticsearch-cluster-on-aws-part-2-configuring-the-elasticsearch/>
>>>
>>> Hope it would help someone!
>>>
>>> Regards,
--
Pavel Polyakov
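
Added example (not part of the original thread or of the linked article): a check for the two security group conditions discussed above, Elasticsearch ports open to the world and the missing rule that lets nodes reach each other on private IPs. It assumes the group is a dict shaped like one entry of the EC2 DescribeSecurityGroups response; port 9300 is Elasticsearch's default transport port (the thread names only tcp/9200), and all group IDs and addresses are constructed.

```python
ES_PORTS = (9200, 9300)          # Elasticsearch defaults: HTTP and transport
WORLD = {"0.0.0.0/0", "::/0"}    # "anyone on the internet", IPv4 and IPv6


def covers(rule, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_es_group(group):
    """Return (ports open to the world, nodes can reach each other on 9300)."""
    world_open, self_rule = set(), False
    for rule in group.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
        if cidrs & WORLD:
            world_open.update(p for p in ES_PORTS if covers(rule, p))
        # A rule whose source is the group itself admits the other nodes'
        # private IPs without listing them, which is what discovery needs.
        peers = {p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])}
        if group["GroupId"] in peers and covers(rule, 9300):
            self_rule = True
    return sorted(world_open), self_rule


def tcp(lo, hi, cidr=None, sg=None):
    """Build one constructed ingress rule (helper for the samples below)."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}


# Constructed samples: IDs and addresses are placeholders.
OPEN = {"GroupId": "sg-open", "IpPermissions": [tcp(9200, 9300, "0.0.0.0/0")]}
CLOSED = {"GroupId": "sg-closed", "IpPermissions": [tcp(22, 22, "203.0.113.10/32")]}
FIXED = {"GroupId": "sg-fixed", "IpPermissions": [
    tcp(22, 22, "203.0.113.10/32"), tcp(9200, 9300, sg="sg-fixed")]}

if __name__ == "__main__":
    for g in (OPEN, CLOSED, FIXED):
        print(g["GroupId"], audit_es_group(g))
```

The CLOSED sample is the situation described in the 3:39 PM reply (nothing exposed, but no rule for the nodes themselves); FIXED keeps the cluster closed to the world while allowing node-to-node traffic.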
