Our team decided to use AWS ElasticSearch to store our logs. The service setup is fairly straight forward. But we face issues setting Kibana. In this article, I describe our setup. We hope you’d find it useful.
AWS ElasticSearch provides Kibana interface. The main issue is access. The first access option that AWS provides is using IAM user. This works fine for ElasticSearch service because we use Rails. You can use faraday_middleware gem to sign your request. Here’s the discussion on the topic.
Document accessing the AWS Elasticsearch Service using IAM credentials · Issue #232 · elastic…
To securely use AWS Elasticsearch Service, I have to make signed requests using IAM credentials. There is a Faraday…
However, Kibana doesn’t support AWS signature. We cannot use the same signing method with it. We have only one other options: IP whitelist for Kibana. This works but it gets very annoying when your IP changes.
We solve this issue by whitelisting one of our servers and configure an nginx proxy to access Kibana.
- Modify access policy to include proxy server’s IP address.
2. Configure nginx on the server to proxy to AWS Kibana.
3. Open your server_name URL, enter username and password to access Kibana server.
You can add SSL certificate to secure your site. That’s it!