@David Severski
One more question
- EC2-Classic is deprecated. Demonstrating use of VPC would be helpful.
What do you mean by that?
On Fri, Aug 15, 2014 at 3:39 PM, Pavel P pavel@kredito.de wrote:
@David Severski
Thanks for the input.
I've actually encountered the issue, when my security group was closed for
the world and the private IPs were not stated in the security group rules.
I had no idea why the cloud-aws does not connect to the hosts, because the
public IPs were there.
I've stated that issue in the article.
However I agree with you, the cluster should not be available from the
world.
On Fri, Aug 15, 2014 at 3:32 PM, David Severski david@severski.net
wrote:
Thanks for collecting this information together! A couple points for
tweaking:
- Instead of hard coding the IAM credentials into the file, associate
the instances with an IAM role. cloud-aws will use those automatically and
AWS will handle key rotation for you.
- You are launching all the instances into the same availability zone.
That greatly reduces the ability of the cluster to tolerate an AWS outage.
Stick each of your three nodes in a different availability zone and you'll
be much better off.
- EC2-Classic is deprecated. Demonstrating use of VPC would be helpful.
- I encourage AWS hosts not to be named. Users should plan for hosts
to come and go. This means no-unique host names and hard coded IPs. AWS is
ephemeral infrastructure and ES, as a cluster app, is very happy playing in
this space.
and the big one...
- Your security group looks to open ES to the world. DON'T DO THIS!
There's been a tremendous amount of angst recently from ES clusters getting
owned via open tcp/9200 and these security groups look to open your cluster
to the entire internet. There's no need for that. cloud-aws will work with
private IPs just fine.
David
On Thursday, August 14, 2014 10:13:34 AM UTC-7, Pavel P wrote:
Hi everyone,
Below you can find one big article, summing up all my experience of
building the cluster on AWS.
When I started I had no information at all, but I found the needed
pieces in different places, including this user group.
With your help I succeeded, and want to share the knowledge, that
newcomers would find everything in one place.
Elasticsearch cluster on AWS. Part 1 - preparing the environment.
http://pavelpolyakov.com/2014/08/13/elasticsearch-cluster-on-aws-part-1-preparing-environment/
Elasticsearch cluster on AWS. Part 2 - configuring the elasticsearch.
http://pavelpolyakov.com/2014/08/14/elasticsearch-cluster-on-aws-part-2-configuring-the-elasticsearch/
Hope it would help someone!
Regards,
--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/NU2pktgTkDc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/fdcf7c19-f097-4eda-9078-852f24b2acd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Pavel Polyakov
Software Engineer - PHP team
E-mail: pavel@kredito.de
Skype: pavel.polyakov.x1
https://www.facebook.com/kreditech
Kreditech Holding SSL GmbH
Am Sandtorkai 50, 20457 Hamburg, Germany
Office phone: +49 (0)40 - 605905-60
Authorized representatives: Sebastian Diemer, Alexander Graubner-Müller
Company registration: Hamburg HRB122027
www.kreditech.com
This e-mail contains confidential and/or legally protected information. If
you are not the intended recipient or if you have received this e-mail by
error please notify the sender immediately and destroy this e-mail. Any
unauthorized review, copying, disclosure or distribution of the material in
this e-mail is strictly forbidden. The contents of this e-mail is legally
binding only if it is confirmed by letter or fax. The sending of e-mails to
us does not have any period-protecting effect. Thank you for your
cooperation.