Elasticsearch 7.5.2 Cluster on EC2: Security Group

ckough · February 1, 2020, 4:40am

Hi There,

I'm testing out a 3 x ES Node cluster on EC2. When I set my Security Group to inbound allow all (outbound is allow all in all cases), the cluster has no issue.

But when I set a new SG to allow inbound 9200, 9300, 22, 443, 80 from ANY source (0.0.0.0/0) and use it on 1 of the nodes, that node becomes disconnected with the rest of the cluster.

When i add a new rule to allow inbound any port from the any of the 3 nodes into the SG, the affected node can now join the cluster again.

Are there any additional ports I need to allow inbound for an EC2 ES cluster?

Thanks in advance!
CK

DavidTurner · February 1, 2020, 8:13am

By default Elasticsearch nodes communicate with each other on port 9300, but maybe you're not using the default config.

When the node disconnects from the cluster, it will likely log some useful details. Can you share the logs? Look in particular for messages from the ClusterFormationFailureHelper.

ckough · February 1, 2020, 11:09am

Strangely when I took out the rules and put them back again, it works. Thanks for your help.

Topic		Replies	Views
Protect ElasticSearch port(s) on Amazon EC2 instances Elasticsearch	1	320	July 6, 2017
Trying to set up multi-node cluster on AWS EC2 Elasticsearch	1	782	May 24, 2018
Problems connecting with other nodes Elasticsearch	2	1148	July 6, 2017
ElasticSearch EC2 autodiscovery apparently flaky Elasticsearch	4	383	July 6, 2017
Connect to EC2 cluster from other security groups Elasticsearch	10	410	July 6, 2017

Elasticsearch 7.5.2 Cluster on EC2: Security Group

Related topics