Closed ndtreviv closed 2 years ago
Pinging @elastic/es-distributed (Team:Distributed)
The repository-s3
plugin accepts client settings region
and endpoint
(see docs). If that isn't working for you, can you help us understand what needs doing differently?
Gah, you're absolutely right. Sorry - I didn't spot it.
Description
I'm running elasticsearch on an EC2 instance within a security group that currently enables outbound traffic to the world. I have a security requirement to lock that down. I can either add a couple of hundred rules for each possible S3 endpoint that amazon makes available for that region, or I can use AWS PrivateLink.
I also have a requirement to log to CloudWatch, so I would need to do the same for that.
If I enable AWS PrivateLink I need to be able to override the endpoint.
A java example of using a bucket client and overriding the endpoint to use AWS PrivateLink:
However I don't see a configuration option in the s3client settings for s3-repository to enable this (same goes for filebeat, but I'll raise that as a separate Feature Request).
Please can the s3-repository support overriding the endpoint so we can use AWS PrivateLink? Without it I need to add a couple of hundred rules to my security group in AWS to ensure it works 100% of the time.