Posted On: Dec 7, 2017
We are pleased to announce HAQM Elasticsearch Service now allows you to encrypt your data using keys that you manage through AWS Key Management Service (KMS). Elasticsearch is a popular open source search and analytics engine for log analytics, full text search, application monitoring, and more. HAQM Elasticsearch Service delivers Elasticsearch’s easy-to-use APIs and real-time capabilities along with the availability, scalability, and security required by production workloads.
On an HAQM Elasticsearch Service domain with encryption enabled, all data stored on the underlying file systems are encrypted, including primary and replica indices, log files, memory swap files, and automated HAQM S3 snapshots. HAQM Elasticsearch Service handles encryption and decryption seamlessly, so you don’t have to modify your application to access your data. You can choose to enable encryption when you create new domains via the AWS Management Console or API. HAQM Elasticsearch Service can create a KMS master key for you, or you can choose one of your own. Encryption at rest supports both HAQM Elastic Block Store (EBS) and instance storage.
For more information on the use of AWS Key Management Service with HAQM Elasticsearch Service, see the HAQM Elasticsearch Service Developer Guide. To learn more about AWS KMS, visit the AWS KMS overview page.
Encryption at rest on HAQM Elasticsearch Service is now available in 14 regions globally: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), South America (Sao Paulo), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), and Asia Pacific (Mumbai) regions. It’s easy to get started with HAQM Elasticsearch Service. Sign into the console to launch your HAQM Elasticsearch Service domain today.