ObjectRocket Elasticsearch on AWS Beta

The first service to launch on our new Beta platform is hosted Elasticsearch with Kibana

Overview

We currently offer a hosted Elasticsearch product, in Beta, on the new platform. The key features of the service are:

  • 3+ node HA clusters
  • Includes hosted Kibana
  • Includes hosted Cerebro
  • Includes daily backups with 2 week retention
  • TLS encryption, RBAC with IP whitelisting

Feature Detail

3+ Node HA clusters

Following the trend of ObjectRocket only offering HA solutions, our Elasticsearch product on the beta platform is also HA. Each instance consists of 3-5 Elasticsearch nodes, managing all of the Elasticsearch roles (data, master, ingest). All nodes run the oss branch of the Elasticsearch product and do not include any XPack features, per the limitations set forth in the Elastic License.

Though we strongly advise against production workloads while we’re in open Beta, failed/problematic nodes are automatically replaced by our Kubernetes-based platform, so we can ensure that your cluster is always up and available.

Hosted Kibana

Though optional during instance creation, each instance can include a hosted Kibana container. Each Kibana container is dedicated to the instance and runs the oss variant of Kibana.

Hosted Cerebro

Though optional during instance creation, each instance can include a hosted Cerebro container. Cerebro is an open source (MIT License) elasticsearch web admin tool built using Scala, Play Framework, AngularJS and Bootstrap. It provides a bird’s eye view of your indexes, shard placement, node stats, as well as providing useful tools for managing your cluster.

Daily Backups

All instances are backed up daily, at a random time, and can be viewed via the Elasticsearch snapshots API. We retain snapshots for 2 weeks.

TLS, RBAC, and IP Whitelisting

To secure the cluster the Elasticsearch product supports TLS encrypted connections, Role-based Access Control, and IP Whitelists

All connections to the cluster externally (including Kibana and Cerebro) are encrypted in-flight with SSL/TLS.

All connections to Elasticsearch must be authenticated via a user name and password. You must create a user via our new Beta Cloud API that you will use to auth with Elasticsearch. Each user that you create can have one of three roles: admin (full read/write to everything), readonly (read-only access to everything), and kibana (read access, plus the ability to modify KIbana dashboards). In the future additional roles and granular data permissions will be added

Finally, all external access to the cluster is blocked by default. To connect you must specify IPs and IP ranges that you will allow access to the cluster. This is accomplished during instance creation, or via the ACLs API endpoints

Elasticsearch Beta FAQ

How do I configure Cerebro to connect to the Elasticsearch cluster?

The first time you connect to Cerebro you will need to point it to an internal Elasticsearch node and provide a valid user/password.

  1. In the HOSTS box type http://elasticsearch:9200
  2. Click the Authentication dropdown menu below HOSTS
  3. Provide the username and password for a user on the instance