2

I have an instance of Elasticsearch facing the internet on an EC2. On the other hand I have my webservice as a Heroku app.

I want to secure the Elasticsearch instance and allow inbound traffic only from my Heroku app.

I have found this Elasticsearch plugin but it looks a bit painful. So what can be the best way to secure an open xx.xx.xx.xx:9200 port of my EC2 instance facing the internet and connect to Heroku?

Is SSL a solution? I have little knowledge.

In Heroku I use Python.

Similar questions: one and two have an old solution which Heroku does not recommend anymore. Another option is to move the webservice to AWS and secure it behind a firewall but, for the time being, I prefer to let Heroku do the dev-ops.

Diolor
  • 121
  • 4
  • In addition to the elasticsearch-security-plugin that you found, there is also https://github.com/sonian/elasticsearch-jetty – sciurus Apr 25 '14 at 00:20

1 Answer

0

Because Heroku is cloud-based, your Heroku IP address is not static. A security group solution is not suitable here. I would use SSL with some authentication (even HTTP authentication is enough IMHO, but I'm not a security expert).

If you want to go to the extreme, SSL with both server & client certificates is the way to go.

You could use nginx as a reverse proxy for Elasticsearch, if it doesn't support the above features.

omribahumi
  • 321
  • 2
  • 4
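An added example, not part of the question or the answer above: a Python client for the setup the answer describes, assuming a reverse proxy in front of Elasticsearch terminates TLS and enforces HTTP Basic authentication. The function names and the environment variable names (`ES_USER`, `ES_PASSWORD`, `ES_CA_FILE`) are hypothetical, chosen here to fit Heroku config vars.

```python
import base64
import os
import ssl
import urllib.request
from urllib.parse import urlsplit


def build_tls_context(ca_file=None, client_cert=None, client_key=None):
    """TLS context that verifies the proxy's certificate chain and hostname."""
    # ca_file pins a private CA; None falls back to the system trust store.
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        # Optional client certificate for the mutual-TLS variant.
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def build_request(base_url, path, user, password, body=None):
    """Build an authenticated request, refusing any non-HTTPS endpoint."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        # Basic auth is only base64; over plain HTTP it is readable in transit.
        raise ValueError("refusing to send credentials over %r" % parts.scheme)
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the URL")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    req = urllib.request.Request(url, data=body)
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    req.add_header("Authorization", "Basic " + token)
    if body is not None:
        req.add_header("Content-Type", "application/json")
    return req


def search(base_url, index, query_json, env=os.environ):
    """POST a JSON query (bytes) to <index>/_search through the proxy."""
    # Assumed config var names; set them with `heroku config:set`.
    req = build_request(base_url, index + "/_search",
                        env["ES_USER"], env["ES_PASSWORD"], query_json)
    ctx = build_tls_context(env.get("ES_CA_FILE"))
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read()
```

With this in place, port 9200 on the EC2 instance only needs to be reachable from the proxy on the same host, and only the proxy's HTTPS port is exposed to the internet.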