Hi David, Indeed, the plugin makes AWS API calls ( ec2 describe instances) in order to find candidates to cluster with. Unfortunately, if memory serves me right, those are to external IPs...
Hint - tinyproxy with whitelist on your nat gw , and proper env configuration so that the client side (java , in this case) is aware of the proxy. Cheers, B On 19/11/2014 10:01 am, "David Vasquez" <[email protected]> wrote: > Hi everyone! > > I'm trying to configure tight security rules to my elasticsearch cluster > meaning that the network access rules must be exactly what is needed. Now > I've found that the EC2 Discovery plugin does a call to AWS ( > ec2.us-east-1.amazonaws.com:443) and for that I would need to give > internet access to my elasticsearch instances. > > That said, it means a big drawback for my security configuration because I > cannot tie the call to a fixed IP, neither to a fixed port and hence my > access rules would be wide open. > > Can you please tell me how do you manage this security issue on AWS? > > Thank you very much! > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/936cd83a-a080-4409-8e5d-0b10463abcbd%40googlegroups.com > <https://groups.google.com/d/msgid/elasticsearch/936cd83a-a080-4409-8e5d-0b10463abcbd%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CACj2-4L5k7r0n4tv6aiLE_Q1LYTvmN5a0PjHprTLBX_jLhX8%3DQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
