I wanted to see if y'all had any thoughts on how I am planning on implementing Elasticsearch in my environments. Context: I am not using AWS managed Elasticsearch due to more expense, and I'd rather learn how to manage it myself.
Design: The web application will authenticate users with AWS Cognito on the web app layer. This layer will pretty much be the only external-facing service (I think). I've been contemplating how I plan on using Elasticsearch and whether I need to authenticate once more to get/push data into it. There are two scenarios: 1) DynamoDB streams -> Lambda -> Elasticsearch using the Node ES client. 2) Web app backend APIs will call Elasticsearch to retrieve any search/queries for the client (pretty much a wrapper, as it should be).
I decided on putting an AWS INTERNAL Application Load Balancer (ALB) in front of the Elasticsearch cluster and having the Security Groups only enable traffic from the SGs that the web app EC2s are running on. Given that it cannot be accessed externally and only through EC2 (as far as I know and tested), can I forgo the authentication since it's already done on the web app layer with Cognito?
Question from: https://stackoverflow.com/questions/65930699/provisioning-elasticsearch-without-direct-authentication
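The layout in the question relies entirely on the security group and the ALB scheme staying as intended, so the practical check is an audit of exactly those two things. The following is an added example, not code from the Stack Overflow post or from any AWS SDK: it takes a security group in the shape returned by EC2 DescribeSecurityGroups and a load balancer in the shape returned by ELBv2 DescribeLoadBalancers (both fetched elsewhere, or constructed inline as here) and reports every ingress path to the cluster other than the approved web-app security group on the expected port. All group IDs, ARNs, ports and the sample objects are constructed placeholders.

```javascript
// Added example (not from the original post). Offline audit of the
// "internal ALB + security group" posture described in the question.
// Input shapes follow EC2 DescribeSecurityGroups and ELBv2 DescribeLoadBalancers;
// every identifier below is a constructed placeholder.

function auditIngress(securityGroup, allowedSourceSgIds, expectedPort) {
  const findings = [];
  const allowed = new Set(allowedSourceSgIds);
  for (const rule of securityGroup.IpPermissions || []) {
    // IpProtocol "-1" means all protocols and all ports; FromPort/ToPort are absent.
    const allPorts = rule.IpProtocol === "-1";
    const portLabel = allPorts ? "all ports" : `${rule.FromPort}-${rule.ToPort}`;
    // Any CIDR, IPv6 or prefix-list source bypasses the "only from the web app SG" intent.
    for (const r of rule.IpRanges || []) findings.push(`CIDR source ${r.CidrIp} allowed on ${portLabel}`);
    for (const r of rule.Ipv6Ranges || []) findings.push(`IPv6 source ${r.CidrIpv6} allowed on ${portLabel}`);
    for (const p of rule.PrefixListIds || []) findings.push(`prefix list ${p.PrefixListId} allowed on ${portLabel}`);
    for (const pair of rule.UserIdGroupPairs || []) {
      if (!allowed.has(pair.GroupId)) {
        findings.push(`security group ${pair.GroupId} is not an approved source (${portLabel})`);
      } else if (allPorts || rule.FromPort !== expectedPort || rule.ToPort !== expectedPort) {
        findings.push(`approved source ${pair.GroupId} is allowed on ${portLabel}, not only ${expectedPort}`);
      }
    }
  }
  return findings;
}

function auditLoadBalancer(loadBalancer) {
  // An ALB that is not "internal" has public DNS and listeners reachable from the Internet.
  return loadBalancer.Scheme === "internal"
    ? []
    : [`load balancer ${loadBalancer.LoadBalancerArn} is ${loadBalancer.Scheme}, expected internal`];
}

function auditElasticsearchExposure({ securityGroup, loadBalancer, allowedSourceSgIds, expectedPort }) {
  const findings = [
    ...auditLoadBalancer(loadBalancer),
    ...auditIngress(securityGroup, allowedSourceSgIds, expectedPort),
  ];
  return { ok: findings.length === 0, findings };
}

// Constructed sample matching the intended design: one web-app SG may reach the
// cluster listener, nothing else. Ids and port are placeholders.
const WEBAPP_SG = "sg-0webapp00000000001";
const ES_PORT = 9200;
const tcpRule = (port, extra) =>
  ({ IpProtocol: "tcp", FromPort: port, ToPort: port, IpRanges: [], Ipv6Ranges: [], PrefixListIds: [], UserIdGroupPairs: [], ...extra });

const goodGroup = {
  GroupId: "sg-0elastic0000000001",
  GroupName: "elasticsearch-cluster",
  IpPermissions: [tcpRule(ES_PORT, { UserIdGroupPairs: [{ GroupId: WEBAPP_SG }] })],
};
const internalAlb = { LoadBalancerArn: "arn:aws:elasticloadbalancing:region:000000000000:loadbalancer/app/es-internal/placeholder", Scheme: "internal" };

// Constructed drift: a world-open CIDR rule and an unrelated SG on all ports crept in,
// and the ALB was recreated internet-facing.
const driftedGroup = {
  ...goodGroup,
  IpPermissions: [
    ...goodGroup.IpPermissions,
    tcpRule(ES_PORT, { IpRanges: [{ CidrIp: "0.0.0.0/0" }] }),
    { IpProtocol: "-1", IpRanges: [], Ipv6Ranges: [], PrefixListIds: [], UserIdGroupPairs: [{ GroupId: "sg-0bastion00000000001" }] },
  ],
};
const publicAlb = { ...internalAlb, Scheme: "internet-facing" };

function runSamples() {
  const policy = { allowedSourceSgIds: [WEBAPP_SG], expectedPort: ES_PORT };
  return {
    clean: auditElasticsearchExposure({ securityGroup: goodGroup, loadBalancer: internalAlb, ...policy }),
    drifted: auditElasticsearchExposure({ securityGroup: driftedGroup, loadBalancer: publicAlb, ...policy }),
  };
}

const { clean, drifted } = runSamples();
console.log("intended layout:", clean.ok ? "no findings" : clean.findings);
console.log("drifted layout:", drifted.ok ? "no findings" : drifted.findings);
```

Two things the audit makes explicit. First, it verifies which hosts can reach the cluster, not which users: every process on an instance in the approved security group gets the same access, so the per-user authorization the question hands to Cognito has to be enforced in the backend wrapper's queries, since the cluster itself will not do it. Second, the Lambda in scenario 1 can only reach an internal ALB if it is VPC-attached with a security group of its own, and that group ID then belongs in `allowedSourceSgIds` as well, otherwise the audit will correctly flag it as an unapproved source.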