This is a docker config for this tutorial: https://www.jeremydaly.com/access-aws-vpc-based-elasticsearch-cluster-locally/
Connect to your AWS elasticsearch domain from outside the VPC, protected by the ec2 PEM key. You can connect to the tunnel from your host and from all docker containers in your docker-compose network.
| version: '3.4' | |
| services: | |
| # Tunnel to aws vpc tunnel | |
| vpc_tunnel: | |
| container_name: aws_vpc_ssh_tunnel | |
| build: | |
| context: dockerfiles/dev/dockerfile-aws_vpc_ssh_tunnel | |
| volumes: | |
| - ~/.ssh:/host_system_ssh_folder | |
| ports: | |
| - "9200:9200" | |
| environment: | |
| - SSH_AUTH_SOCK=/ssh-agent # Use SSH agent passed in volumes | |
| - EC2_HOST_IP="100.100.100.100" | |
| - KEY_FILE_NAME="whatever.pem" | |
| another_service: | |
| ... | |
| links: | |
| - "vpc_tunnel:my-vpc-tunnnel.com" # Sometimes a valid domain is needed |
| FROM alpine:3.12.1 | |
| COPY start_ssh_tunnel.sh /root/start_ssh_tunnel.sh | |
| RUN chmod +x /root/start_ssh_tunnel.sh | |
| RUN apk add openssh --no-cache | |
| ENTRYPOINT ["sh","/root/start_ssh_tunnel.sh"] |
| #!/bin/bash | |
| # Elasticsearch Tunnel | |
| mkdir /root/.ssh | |
| echo "Host estunnel" > /root/.ssh/config | |
| echo "HostName $EC2_HOST_IP" >> /root/.ssh/config | |
| echo "User ec2-user" >> /root/.ssh/config | |
| echo "IdentitiesOnly yes" >> /root/.ssh/config | |
| echo "IdentityFile /host_system_ssh_folder/$KEY_FILE_NAME" >> /root/.ssh/config | |
| echo "StrictHostKeyChecking no" >> /root/.ssh/config | |
| echo "LocalForward 0.0.0.0:9000 vpc-my-es-server.myregion.es.amazonaws.com:443" >> /root/.ssh/config | |
| ssh estunnel -N |