asked on December 7, 2018
Hi,
What is the recommended way to secure an elastic server instance when using Flexmonster? We're hosting with AWS who provide either IP or VPC security but IP address security would require adding every client IP to the whitelist. I don't see how VPC hosting would work at all.
It would be easiest if we could proxy the request to Elastic from Flexmonster via our backend server but then we'd have to understand the request/response format.
Thanks!
⋅ December 10, 2018
Hello Jason,
Thank you for the question.
You are right, the most flexible way to secure Elasticsearch is to create a proxy. Flexmonster sends the following requests:
GET /{index name}/_mapping - to get the fields in the indexPOST /{index name}/_search - to get the dataBasically, your proxy should check requests from Flexmonster and allow or deny them based on user access rights.
Also, it can modify the query to add some filter for a specific role, etc. Then, it should redirect the response from Elasticsearch back to Flexmonster.
As an option, you can also attach custom headers to the requests (i.e. access token) to identify the user.
Here is a sample: http://jsfiddle.net/flexmonster/5xtw7n3p/ (see lines 13-15).
Please let me know if it works for you.
Regards,
Ian