@tankhuu
Last active September 17, 2020 09:32
# Source: https://www.jeremydaly.com/access-aws-vpc-based-elasticsearch-cluster-locally/
# You need to have an EC2 instance running in the same VPC as your Elasticsearch cluster.
# If you don’t, fire up a micro Linux instance with a secure key pair.
# NOTE: Make sure your instance’s security group has access to the Elasticsearch cluster and
# that your Elasticsearch cluster’s access policy uses the “Do not require signing request with IAM credential” template.
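# On the local client
## Create SSH Tunnel
# Append the host entry: ">>" keeps any existing entries in ~/.ssh/config, and the quoted 'EOF' stops shell expansion inside the block
cat << 'EOF' >> ~/.ssh/config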
# Elasticsearch Tunnel
Host estunnel
# your server's public IP address
HostName 12.34.56.78
User ec2-user
IdentitiesOnly yes
# Private RSA Key pem
IdentityFile ~/.ssh/MY-KEY.pem
# Replace with your Elasticsearch VPC Cluster Domain
LocalForward 9200 vpc-YOUR-ES-CLUSTER.us-east-1.es.amazonaws.com:443
EOF
# Run
ssh estunnel -N
# Then open in a web browser:
# https://localhost:9200
# https://localhost:9200/_plugin/kibana
# Error: channel 2: open failed: administratively prohibited: open failed
# Resolve: check the AllowTcpForwarding and PermitOpen options on the remote server (/etc/ssh/sshd_config)
# Add these lines if they do not exist:
# AllowTcpForwarding yes
# PermitOpen any
# Then run `ssh estunnel -N` again
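
To check the two settings named in the troubleshooting step, this added example (not part of the gist) evaluates the bastion's effective `AllowTcpForwarding` and `PermitOpen` values, as printed by `sshd -T`, against the tunnel target. `check_forward` and `sample_cfg` are hypothetical names and the sample config is constructed; the example goes slightly beyond the gist by showing that a `PermitOpen` entry naming only the Elasticsearch endpoint also satisfies the forward.

```shell
#!/bin/sh
# Added example (not from the gist). check_forward and sample_cfg are
# hypothetical names. Reads effective sshd settings, as printed by `sshd -T`
# (run as root on the bastion), from stdin; $1 is the target as host:port.
check_forward() {
    awk -v target="$1" '
    function port(s,   n, p) { n = split(s, p, ":"); return p[n] }
    function host(s) { return substr(s, 1, length(s) - length(port(s)) - 1) }
    BEGIN { target = tolower(target); fwd = "yes"; cnt = 0 }  # assumed defaults
    { $0 = tolower($0) }
    $1 == "allowtcpforwarding" { fwd = $2 }
    $1 == "permitopen" { cnt = NF - 1; for (i = 2; i <= NF; i++) po[i - 1] = $i }
    END {
        # LocalForward needs AllowTcpForwarding yes, all or local
        if (fwd != "yes" && fwd != "all" && fwd != "local") {
            print "DENY: AllowTcpForwarding is " fwd; exit 1
        }
        if (cnt == 0) { print "ALLOW: PermitOpen not restricted"; exit 0 }
        for (i = 1; i <= cnt; i++) {
            if (po[i] == "any") { print "ALLOW: PermitOpen any"; exit 0 }
            if (po[i] == "none") continue
            # "*" may stand for any host or any port in a PermitOpen entry
            if ((host(po[i]) == "*" || host(po[i]) == host(target)) &&
                (port(po[i]) == "*" || port(po[i]) == port(target))) {
                print "ALLOW: PermitOpen " po[i]; exit 0
            }
        }
        print "DENY: " target " is not covered by PermitOpen"; exit 1
    }'
}

# Constructed excerpt of `sshd -T` output (not captured from a real host):
# only local forwards, and only to the one Elasticsearch endpoint.
sample_cfg() {
    printf '%s\n' 'port 22' 'allowtcpforwarding local' \
        'permitopen vpc-your-es-cluster.us-east-1.es.amazonaws.com:443'
}

sample_cfg | check_forward vpc-YOUR-ES-CLUSTER.us-east-1.es.amazonaws.com:443
sample_cfg | check_forward 10.0.0.5:22 || true   # denied: not in PermitOpen
```

`sshd -T` parses the configuration file on disk, so a daemon that was started before the file was edited still needs a reload before its behaviour matches the output.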
@barunps3

Hello tankhuu,

I added/uncommented the following lines as mentioned in the sshd_config file of the bastion server in my VPC, but I am still getting the same `open failed: administratively prohibited: open failed` error.
