Proper access policy for Amazon Elastic Search Cluster

You can lock access down to IAM-only, but how will you view Kibana in your browser? You could setup a proxy (see Gist and/or NPM module) or enable both IAM and IP-based access for viewing results. I was able to get both IAM access IP-restricted access with the following Access Policy. Note the order is … Read more

Supporting HTTPS URL redirection with a single CloudFront distribution

You’re thinking too narrowly — there’s nothing wrong with this setup. The solution would be trivial if Amazon offered any form of URL rewriting They do — the empty bucket. S3 has absolutely no support for HTTPS. Not for web site hosted buckets, no… but CloudFront does. CloudFront is not just a CDN. It’s also … Read more

Serving a multitude of static sites from a wildcard domain in AWS

CloudFront + [email protected] + S3 can do this “serverless.” [email protected] is a CloudFront enhancement that allows attributes of requests and responses to be represented and manipulated as simple JavaScript objects. Triggers can be provisioned to fire during request processing, either before the cache is checked (“viewer request” trigger) or before the request proceeds to the … Read more

How to get Elastic Beanstalk nginx-backed proxy server to auto-redirect from HTTP to HTTPS?

After several false-starts with ideas from Amazon’s paid support, they did come through in the end. The way you get this to work is you configure your environment to respond to both port 80 and 443. Then create a folder in your main Node.js app folder called .ebextensions, and you place a file named 00_nginx_https_rw.config … Read more