Multiple Node Deployment on AWS ECS

#1

Hello, and thank you so much for the wonderful work on Open Distro.

I am not an actual server guy; I use Docker to get readily built software and its requirements and just deploy it with some tweaks to the settings.

I chose AWS ECS to manage my Elastic Stack containers, plus an Application Load Balancer to balance my nodes and ACM for my SSL. I am currently struggling with the TLS setup part. I generated my own self-signed SSL certificates as described at https://aws.amazon.com/blogs/opensource/add-ssl-certificates-open-distro-for-elasticsearch/ and successfully launched a single node, but on ECS I set my service to launch a minimum of 2 tasks. The 2 Elasticsearch tasks run properly; the problem is that they are not seeing each other. In my elasticsearch.yml I have this:

cluster.name: horus
network.publish_host: _ec2:privateIp_
transport.publish_host: _ec2:privateIp_
discovery.zen.hosts_provider: ec2
discovery.ec2.tag.ElasticSearch: horus
discovery.ec2.endpoint: ec2.${REGION}.amazonaws.com
s3.client.default.endpoint: s3.${REGION}.amazonaws.com
cloud.node.auto_attributes: true
cluster.routing.allocation.awareness.attributes: aws_availability_zone

opendistro_security.ssl.transport.pemcert_filepath: odfe-node1.pem
opendistro_security.ssl.transport.pemkey_filepath: odfe-node1.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false

It was actually working with the regular Elasticsearch distribution from elastic.co but not on Open Distro. I believe the problem is with the SSL transport key.

Do I need to create a pemcert and pemkey on every node? My nodes on ECS are dynamically created… Can someone point me in the right direction? Thank you so much!