Unable to remotely access ES server hosted on AWS EC2 on port 9200


I upgraded an existing 1.7 installation to 2.0 and installed marvel and kibana on the same server.
By SSHing to the server and doing curl command I am able to index, search and do everything possible on the cluster with no issues.

However, when I try and send a request from a remote computer I get a 502 "Connection Refused" error on port 9200.

I am able to access both Marvel and Kibana remotely on port 5601 with no issues yet ES is not allowing me to access it remotely.

The node is hosted on Amazon's EC2 and I have both ports 5601 and 9200 open in the group policy.

Is there something I need to do to enable remote connections on 2.0?

By default, elasticsearch now binds to

If you need to open it, change "network.host".


I tried changing the network host. First I tried setting it to the EC2's public IP and elasticsearch did not like that. So I opted to user the internal IP and now I am able to access it remotely. However, now I am unable to issue commands locally when I SSH to the server. i.e. localhost:9200 does not work nor using the internal IP of the EC2 instance

In other words the situation is now reversed and I need both ends to work.

UPDATE: I tried setting network.bind_host to and tried setting the publish_host to the internal IP and that made the situation go back to the first issue where I am unable to connect remotely. I also tried setting the publish_host to the public IP and that did not work also.

1 Like

So when you set network.host: _ec2_ what can you see in logs when you start your instance?

It should give you the IP address which elasticsearch is bound to. Can't you use then this IP to connect locally?

Yes, setting the host as ec2 works. it uses the private IP. However, if I set the private IP explicitly it does not.

Thanks, will look into this a bit more

Could you figure out what went wrong?


Not sure what is going on here to be honest. If I set network.host: _ec2_ it works like a charm but when I set the bind and publish host separately to the local and private IPs respectively, it does not work.