-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatically guess EC2 endpoint based on metadata #27924
Comments
@rjernst shared his thoughts in #27925 (comment) Quoting here:
So here is my new proposal:
|
I'm fine with this. It matches the behavior with repository-s3 of auto finding the region based on bucket name (which the s3 client does for us). |
👍It would be great to have this. If users don't typically have to explicitly configure either the region or endpoint then it makes little difference which can be configured in advanced scenarios. |
It's worth noting that it's non-trivial to automatically generate the endpoint from the region (Chinese regions use com.cn). I'd suggest something like this:
Alternatively, it might be worth changing the way the client is built such that it uses the built in logic to automatically use the local region. |
@sihil In order to obtain the EC2 endpoint, I propose to use AWS API action DescribeRegions with its RegionName parameter set to the region string obtained from EC2 metadata. Looking up the endpoint in the SDK can be backup option, if e.g. instance profile does not permit the AWS API action. Although I prefer to make ability to call the action DescribeRegions a mandatory requirement, as there are other AWS API actions required to make this plugin working. Guessing endpoint using SDK seems less reliable e.g. once a new region is added. |
I came across this problem when creating a new Elasticsearch cluster using a CloudFormation stack. Took me a couple of hours debugging as the behaviour was contrary to the documentation and, in my opinion counter-intuitive. I am aiming for 100% automation of building and configuring the Elasticsearch cluster and I did not want to hard code the endpoint because we deploy our resources to multiple regions and this was likely to get messy. I ended up writing a CloudFormation custom resources backing off to a lambda function that is called when the stack is provisioning to populate the endpoint in the elasticsearch.yml configuration file. This function uses the DescribeRegions API call mentioned by @GoodMirek above. Whilst it works well for me it requires a lot of work for the consumer. It would be a great idea to see the Endpoint being an optional parameter that can be overridden if required but if not set using a combination of EC2 metadata and the DescribeRegions API call to automatically get the endpoint. |
+1 |
+1, right now to support multi region installations I have to add custom logic to lookup the correct endpoint and then change this parameter during startup of the ec2 instance. |
+1 |
1 similar comment
+1 |
I just ran across this issue because I was troubleshooting why discovery wasn't working in a new region. I spent too much time troubleshooting this because I didn't notice in the documentation that discovery.ec2.endpoint had a default value and my test instances happened to be started in us-east-1 (the default). I thought it was getting the region from the ec2 instance where elasticsearch was running. I would argue there shouldn't be a default value here. The plugin should put an error in the logs that the endpoint isn't set until it can be guessed automatically. |
This is not needed anymore since the AWS SDK guesses the region internally when
|
While I was working on #27464, I came to this part of the AWS SDK code:
Important part is:
Which basically means that we should revisit the decision we made in #22758 and remove
endpoint
and reintroduceregion
.Creating a AWS EC2 client would be as simple as:
Even better, we can actually retrieve automatically the region if not explicitly set from the metadata instance by calling:
Which would simplify even more the usage of the plugin as people won't normally have to define anything but:
Authentication is done using IAM Role credentials by default.
@rjernst @tlrx thoughts?
The text was updated successfully, but these errors were encountered: