ObjectRocket Elasticsearch on AWS Beta¶
The first service to launch on our new Beta platform is hosted Elasticsearch with Kibana
We currently offer a hosted Elasticsearch product, in Beta, on the new platform. The key features of the service are:
- 3+ node HA clusters
- Includes hosted Kibana
- Includes hosted Cerebro
- Includes daily backups with 2 week retention
- TLS encryption, RBAC with IP whitelisting
3+ Node HA clusters¶
Following the trend of ObjectRocket only offering HA solutions, our Elasticsearch product on the beta platform is also HA. Each instance consists of 3-5 Elasticsearch nodes, managing all of the Elasticsearch roles (data, master, ingest). All nodes run the oss branch of the Elasticsearch product and do not include any XPack features, per the limitations set forth in the Elastic License.
Though we strongly advise against production workloads while we’re in open Beta, failed/problematic nodes are automatically replaced by our Kubernetes-based platform, so we can ensure that your cluster is always up and available.
Though optional during instance creation, each instance can include a hosted Kibana container. Each Kibana container is dedicated to the instance and runs the oss variant of Kibana.
Though optional during instance creation, each instance can include a hosted Cerebro container. Cerebro is an open source (MIT License) elasticsearch web admin tool built using Scala, Play Framework, AngularJS and Bootstrap. It provides a bird’s eye view of your indexes, shard placement, node stats, as well as providing useful tools for managing your cluster.
All instances are backed up daily, at a random time, and can be viewed via the Elasticsearch snapshots API. We retain snapshots for 2 weeks.
TLS, RBAC, and IP Whitelisting¶
To secure the cluster the Elasticsearch product supports TLS encrypted connections, Role-based Access Control, and IP Whitelists
All connections to the cluster externally (including Kibana and Cerebro) are encrypted in-flight with SSL/TLS.
All connections to Elasticsearch must be authenticated via a user name and password. You must create a user via Mission Control or our Beta Cloud API that you will then use to auth with Elasticsearch. Each Elasticsearch user that you create can have one of three roles: admin (full read/write to everything), readonly (read-only access to everything), and kibana (read access, plus the ability to modify KIbana dashboards). In the future, additional roles and granular data permissions will be added.
Finally, all external access to the cluster is blocked by default. To connect you must specify IPs and IP ranges that you will allow access to the cluster. This is accomplished during instance creation, or via the ACLs API endpoints.
Elasticsearch Beta FAQ¶
How do I configure Cerebro to connect to the Elasticsearch cluster?¶
The first time you connect to Cerebro you will need to point it to an internal Elasticsearch node and provide a valid user/password.
- In the
- Click the
Authenticationdropdown menu below
- Provide the username and password for a user on the instance