Closed rasatabular closed 2 years ago
We're using a serverless API proxy (basically an API Gateway using proxy integration to a Python Lambda deployed in the VPC) in order to be able to connect to a VPC-based OpenSearch domain API via public internet/in Terraform:
```hcl
provider "elasticsearch" {
  aws_region            = data.aws_region.current.name
  aws_signature_service = "execute-api"
  elasticsearch_version = "1.1.0"
  healthcheck           = false
  url                   = "https://${your.api_proxy_domain_name}"
}
```
Hi @rasatabular @moritzzimmer are the two of you referring to the same cluster? The provider configuration you provided is very different.
@rasatabular the error message is descriptive in this case: `dial tcp 10.0.0.22:443: connect: operation timed out`. The provider cannot reach the configured elasticsearch cluster.
Please include the following information:
Note: In general, issues on this repository are for reporting bugs and feature requests for this provider, not providing support for unique environments.
@phillbaker just wanted to give an example/provide help on how to use this provider to connect to an OpenSearch domain inside a VPC.
Hi @phillbaker I am not sure whether the error I am getting is due to some issue with the code or me not using the repo in the correct way. I assumed that I would be using it in the same way that I use the AWS provider to deploy AWS resources.
To be more explicit:
> from where are you running the provider?
I am running the Terraform code locally. The code connects to my AWS profile and deploys the infrastructure (load balancer, EC2, OpenSearch, etc.).
> where is the elasticsearch cluster located?
The OpenSearch cluster is a VPC-accessible cluster on AWS.
> what is the networking configuration for where the elasticsearch cluster runs and all the networks connecting the location where the provider is running to the cluster?
I have a VPC with two subnets and one Internet gateway. I have a few EC2 instances in the subnets and a load balancer that forwards traffic to the EC2 instances. I also have an RDS instance where the EC2 instances connect and the OpenSearch cluster is in the same VPC.
I also have an IAM user that I assign to the EC2 instances to be able to access OpenSearch.
What I am interested in is creating index templates from Terraform and being able to deploy them locally.
@rasatabular this is not an issue with the provider.
If your OpenSearch cluster is a VPC-accessible cluster on AWS, then it will only be network accessible from within the VPC. You either need to run terraform from within the VPC or, if you want to run it outside the VPC (e.g. locally), set up a proxy to get into the VPC. Please see @moritzzimmer's comment for one example, but there are many ways to do this, SSH tunnels, bastion hosts, etc.
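A pre-flight check for the situation described above, as an added example that is not part of the original thread or the provider's code: it classifies a `dial tcp` error like the one quoted in this thread and tests whether the endpoint is reachable before Terraform runs. The function names and result labels are assumptions made for this illustration.

```python
import ipaddress
import re
import socket

# Go's net package reports connect failures as "dial tcp <ip>:<port>: <reason>".
DIAL_ERR = re.compile(r"dial tcp (?P<ip>[0-9a-fA-F.:\[\]]+):(?P<port>\d+): (?P<reason>.+)")
SAMPLE = "dial tcp 10.0.0.22:443: connect: operation timed out"  # error quoted in this thread


def classify_dial_error(message):
    """Map a 'dial tcp' error string to a likely network cause (labels are illustrative)."""
    m = DIAL_ERR.search(message)
    if not m:
        return "unrecognized"
    try:
        ip = ipaddress.ip_address(m["ip"].strip("[]"))
    except ValueError:
        return "unrecognized"
    reason = m["reason"]
    if "timed out" in reason or "i/o timeout" in reason:
        # SYNs to a private address go unanswered when the caller has no route
        # into the VPC; on a public address suspect security groups or firewalls.
        return "no-route-to-private-endpoint" if ip.is_private else "filtered"
    if "connection refused" in reason:
        return "reachable-but-closed"
    return "other"


def preflight(host, port=443, timeout=3.0,
              resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Resolve the endpoint and try one TCP connect before running terraform."""
    infos = resolve(host, port, type=socket.SOCK_STREAM)
    addrs = sorted({info[4][0] for info in infos})
    vpc_only = bool(addrs) and all(ipaddress.ip_address(a).is_private for a in addrs)
    try:
        connect((host, port), timeout=timeout).close()
        reachable = True
    except OSError:  # covers timeouts, refusals and unreachable networks
        reachable = False
    return {"addresses": addrs, "vpc_only": vpc_only, "reachable": reachable}


if __name__ == "__main__":
    print(classify_dial_error(SAMPLE))
```

A result of `vpc_only: True` with `reachable: False` means the machine running Terraform needs a path into the VPC (proxy, tunnel or bastion) before any provider setting will matter.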
Hi,
I have an AWS VPC with OpenSearch version 1.2 which is not publicly accessible. I am trying to create I have tried different configurations for the provider but I have failed to make things work and I am trying to find out what is wrong in the configuration.
The following configuration:
Gives the following output:
If I remove the `insecure = true` I get:
The error is slightly different than before, so it might give some hint of what is wrong in my configuration.
The `aws_profile` `my_aws_profile` I am using is configured locally and I can use the terraform AWS provider with it without any issues.
Additionally, I tried providing the `aws_region` or alternatively setting the `aws_access_key` and `aws_secret_key` at the provider directly but the result was the same. I tried removing the `elasticsearch_version` from the provider configuration and I got:
I have also verified that the 'https://url.amazonaws.com' is the correct URL showing in my AWS console under `Domain endpoint (VPC)`.