Posted On: Dec 7, 2017

We are pleased to announce Amazon Elasticsearch Service now allows you to encrypt your data using keys that you manage through AWS Key Management Service (KMS). Elasticsearch is a popular open source search and analytics engine for log analytics, full text search, application monitoring, and more. Amazon Elasticsearch Service delivers Elasticsearch’s easy-to-use APIs and real-time capabilities along with the availability, scalability, and security required by production workloads. 

On an Amazon Elasticsearch Service domain with encryption enabled, all data stored on the underlying file systems are encrypted, including primary and replica indices, log files, memory swap files, and automated Amazon S3 snapshots. Amazon Elasticsearch Service handles encryption and decryption seamlessly, so you don’t have to modify your application to access your data. You can choose to enable encryption when you create new domains via the AWS Management Console or API. Amazon Elasticsearch Service can create a KMS master key for you, or you can choose one of your own. Encryption at rest supports both Amazon Elastic Block Store (EBS) and instance storage.

For more information on the use of AWS Key Management Service with Amazon Elasticsearch Service, see the Amazon Elasticsearch Service Developer Guide. To learn more about AWS KMS, visit the AWS KMS overview page.

Encryption at rest on Amazon Elasticsearch Service is now available in 14 regions globally: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Canada (Central), South America (Sao Paulo), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), and Asia Pacific (Mumbai) regions. It’s easy to get started with Amazon Elasticsearch Service. Sign into the console to launch your Amazon Elasticsearch Service domain today.