I have an instance of Elasticsearch facing the internet on an EC2. On the other hand I have my webservice as a Heroku app.
I want to secure the Elasticsearch instance and allow inbound traffic only from my Heroku app.
I have found this Elasticsearch plugin but it looks a bit painful. So what can be the best way to secure an open xx.xx.xx.xx:9200
port of my EC2 instance facing the internet and connect to Heroku?
Is SSL a solution? I have little knowledge.
In Heroku I use python.
Similar questions: one and two have an old solution which Heroku does not recommend anymore. Another option is to move the webservice to AWS and secure it behind a firewall but, for the time, I prefer to let Heroku do the dev-ops.