Using Cloudfront to expose ElasticSearch REST API in read only (GET/HEAD)

Note that even a GET request can be harmful in Elasticsearch. A query which simply takes up too much resources to compute will bring down your cluster. Facets are a good way to do this.

I'd recommend writing a simple REST API you place in front of ES so you get much more control over what hits your search cluster. If that's not an option you could consider running Nginx on your ES boxes to act as a local reverse proxy, which will give you the same control (and a whole lot more) as CloudFront does. Then you'd only have to open up Nginx to the world, instead of ES.

I ended coding with my own plugin. Surprisingly there was nothing quite like this around. No proxies, no Jetty, no Tomcat.

Just a the original ES rest module and my RestFilter. Using a minimum of reflection to obtain the remote address of the requests.

enjoy:

https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin