Launch a NGINX proxy to access Kibana from outside a VPC that's using Amazon Cognito authentication

If an Amazon Elasticsearch cluster is in a virtual private cloud (VPC) Kibana is only accessible inside this VPC. There are several way´s to access Kibana from outside that VPC as described here

This sample templates can be used as a starting point to provision a NGINX Proxy to access Kibna following the guidance from this post

Option 1: Deploy a single instance

With this Option only a single instance with an NGINX Proxy is deployed in the given Subnet.

Deploy to your account:

aws cloudformation deploy \
    --template-file es-nginx-single.yaml \
    --stack-name <STACKNAME> \
    --parameter-overrides ESHost=<ES-HOST> \
        CognitoHost=<COGNITO-HOST> \
        VPCID=<VPC> \
        SubnetID=<SUBNET> \
    --region <REGION>

Option 2: Deploy in an Autoscaling Group

With this Option, the Proxy is deployed in an Autoscaling Group with an Application Load Balancer in Front. This is the recommended deployment for High Availability.

You must specify at least 2 public Subnets. Every Subnet must be in another Availability Zone.

You must also provide a Certificate for the HTTPS Listener of the Application Load Balancer.

aws cloudformation deploy
    --template-file es-nginx.yaml \
    --stack-name <STACKNAME> \
    --parameter-overrides ESHost=<ES-HOST> \
        CognitoHost=<COGNITO-HOST> \
        VPCID=<VPC-ID> \
        ALBSubnets=<SUBNET1-ID>,<SUBNET2-ID> \
        SSLCertificate=<CERTIFICATE-ARN>
    --region <REGION>

Access the Example Dashboard

After the stack is created the Link to the dashboard is available in the Stack Outputs.

Or via console.

aws cloudformation describe-stacks  \
        --stack-name <STACKNAME>  \
        --query 'Stacks[0].Outputs[?OutputKey==`KibanaEndpoint`].OutputValue' \
        --region <REGION>

Cleaning Up

To avoid incurring charges, delete the AWS CloudFormation stack when you are finished experimenting:

Sign in to the AWS CloudFormation console and choose your stack.
Choose Delete to delete all resources.

FAQs

Q: How much do resources in this template cost?

Standard AWS charges apply to the resources you deploy with this template.

Amazon EC2 and Elastic Load Balancing provides customers in the AWS Free Tier free usage of up to 750 hours per month for each compute and load balancing. This template will use t2.micro instances by default which are eligible for the Free Tier.

Q: How can I add a new question to this list?

If you found yourself wishing this set of frequently asked questions had an answer for a particular problem, please submit a pull request. The chances are good that others will also benefit from having the answer listed here.

Q: How can I contribute?

See the Contributing Guidelines for details.

License

This library is licensed under the MIT-0 License. See the LICENSE file.

aws-samples / amazon-elasticsearch-kibana-proxy Goto Github PK

amazon-elasticsearch-kibana-proxy's Introduction

Launch a NGINX proxy to access Kibana from outside a VPC that's using Amazon Cognito authentication

Option 1: Deploy a single instance

Option 2: Deploy in an Autoscaling Group

Access the Example Dashboard

Cleaning Up

FAQs

Q: How much do resources in this template cost?

Q: How can I add a new question to this list?

Q: How can I contribute?

License

amazon-elasticsearch-kibana-proxy's People

Contributors

Stargazers

Watchers

Forkers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent