Skip to content

Instantly share code, notes, and snippets.

@Schwankenson
Last active April 8, 2024 19:31
Show Gist options
  • Save Schwankenson/f02297f24df82eb613466499b0a0400e to your computer and use it in GitHub Desktop.
Save Schwankenson/f02297f24df82eb613466499b0a0400e to your computer and use it in GitHub Desktop.
Accessing a AWS elasticsearch server from outside the VPC
version: '3.4'
services:
# Tunnel to aws vpc tunnel
vpc_tunnel:
container_name: aws_vpc_ssh_tunnel
build:
context: dockerfiles/dev/dockerfile-aws_vpc_ssh_tunnel
volumes:
- ~/.ssh:/host_system_ssh_folder
ports:
- "9200:9200"
environment:
- SSH_AUTH_SOCK=/ssh-agent # Use SSH agent passed in volumes
- EC2_HOST_IP="100.100.100.100"
- KEY_FILE_NAME="whatever.pem"
another_service:
...
links:
- "vpc_tunnel:my-vpc-tunnnel.com" # Sometimes a valid domain is needed
FROM alpine:3.12.1
COPY start_ssh_tunnel.sh /root/start_ssh_tunnel.sh
RUN chmod +x /root/start_ssh_tunnel.sh
RUN apk add openssh --no-cache
ENTRYPOINT ["sh","/root/start_ssh_tunnel.sh"]
#!/bin/bash
# Elasticsearch Tunnel
mkdir /root/.ssh
echo "Host estunnel" > /root/.ssh/config
echo "HostName $EC2_HOST_IP" >> /root/.ssh/config
echo "User ec2-user" >> /root/.ssh/config
echo "IdentitiesOnly yes" >> /root/.ssh/config
echo "IdentityFile /host_system_ssh_folder/$KEY_FILE_NAME" >> /root/.ssh/config
echo "StrictHostKeyChecking no" >> /root/.ssh/config
echo "LocalForward 0.0.0.0:9000 vpc-my-es-server.myregion.es.amazonaws.com:443" >> /root/.ssh/config
ssh estunnel -N
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment