Background: A logstash golden image EC2 instance may spin up spontaneously, and the Elasticsearch server it pipelines logs to needs to allow it (with a new public IP) to connect.
This function is intended to be used in AWS Lambda to find a specific EC2 spot instance with a specific tag. If this script finds a match, it pulls the public IP address of that instances and then creates a JSON policy document. The policy document is then applied to an AWS Elasticsearch domain to allow the originally matched EC2 instance access.
Here are some other required items within AWS to make this work:
- A logstash server pushing logs to an AWS managed ES domain.
- A CloudWatch event, configured as follows to push a custom input transformer:
{
"instance-id": "This would be the instance ID in the real-world."
}- An IAM role which Lambda assumes and allows the following:
- Allow EC2 Describe Instances
- Allow Update Elasticsearch Domain Config on the required ES domain