Secure Your Access to Kibana 5 and Elasticsearch 5 With Nginx for AWS
As of now, AWS does not offer VPC support for Elasticsearch, which makes it a bit difficult to authorize private IP ranges.
One workaround is to set up an Nginx reverse proxy on AWS within your private VPC, associate an EIP with your Nginx EC2 instance, then authorize your EIP in your Elasticsearch IP access policy.
In this setup, we will have an internal ELB (Elastic Load Balancer) with one or more EC2 Nginx instances behind it, and we will set up Nginx to reverse proxy our connections through to our Elasticsearch endpoint.
We will also set up Basic HTTP Authentication for our / elasticsearch endpoint and our /kibana endpoint. We will keep the authentication for the two separate, so that the credentials for ES and Kibana are not the same; depending on your use case, you can instead let both endpoints reference the same credential file.
Install Nginx
Depending on your Linux distribution, the package manager may differ; I am using Amazon Linux:
Restart the nginx process and enable the process on boot:
$ sudo /etc/init.d/nginx restart
$ sudo chkconfig nginx on
Configure ELB:
Create a new internal ELB, set the backend instances on port 80, and point the health check to /status/index.html, as this location block does not require authentication and our ELB will be able to get a 200 response if all is good.
Next, you can configure your Route 53 hosted zone so that elk.mydomain.com maps to your ELB.
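One way to write the Nginx server block described above, with separate credential files for Elasticsearch and Kibana and an unauthenticated health check location. This is an added example, not the original post's configuration. ES_ENDPOINT_PLACEHOLDER, the htpasswd file paths and the document root are assumptions to replace with your own values; /_plugin/kibana/ is the path under which the AWS Elasticsearch service serves Kibana.

```nginx
# Added example (not from the original post).
# ES_ENDPOINT_PLACEHOLDER = your AWS Elasticsearch endpoint hostname.
server {
    # Port 80 matches the ELB backend port above. Basic auth is only
    # base64-encoded on the wire, so add TLS in front if clients are
    # not on a trusted network.
    listen 80;
    server_name elk.mydomain.com;

    # ELB health check: exact match, no authentication, static file.
    location = /status/index.html {
        auth_basic off;
        root /usr/share/nginx/html;   # assumed docroot; needs status/index.html
    }

    # Elasticsearch API on /, with its own credential file.
    location / {
        auth_basic            "Elasticsearch";
        auth_basic_user_file  /etc/nginx/elasticsearch.htpasswd;  # assumed path
        proxy_pass            https://ES_ENDPOINT_PLACEHOLDER;
        proxy_ssl_server_name on;                # send SNI to the upstream
        proxy_set_header      Authorization "";  # do not forward Basic creds
    }

    # Friendly /kibana URL: redirect to the path Kibana is served from.
    location /kibana {
        return 302 /_plugin/kibana/;
    }

    # Kibana and its assets, with a separate credential file.
    # Longest-prefix matching keeps these requests out of "location /".
    location /_plugin/kibana {
        auth_basic            "Kibana";
        auth_basic_user_file  /etc/nginx/kibana.htpasswd;         # assumed path
        proxy_pass            https://ES_ENDPOINT_PLACEHOLDER;
        proxy_ssl_server_name on;
        proxy_set_header      Authorization "";
    }
}
```

Run `sudo nginx -t` to validate the file before restarting. Kibana sends its own queries to Elasticsearch under /_plugin/kibana/, so anyone holding the Kibana credential can still read data through that path.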
End Result
Now you should be able to access Elasticsearch on http://elk.mydomain.com/ and Kibana on http://elk.mydomain.com/kibana after authenticating.