Audit and secure your search and log analytics data with Amazon OpenSearch Service

Meet and maintain your security requirements for authentication, authorization, encryption, audit, and regulatory compliance.

Analytics solutions built on large amounts of data are especially susceptible to security risks and breaches. You need a robust security and compliance solution with these capabilities:

  • Confidently host sensitive workloads
  • Protect and limit access to confidential data
  • Integrate with third-party identity providers
  • Secure data at rest and in transit
  • Audit user activity and configuration updates
  • Configure programmatic access for your custom applications and other AWS services

Key security features of OpenSearch

Provide secure access to your users, using authentication and authorization methods of your choice, including native SAML support, AWS Cognito, AWS IAM and more. For more information, see using SAML with Dashboards and Identity and Access Management.

Protect your data from attackers by enabling encryption of data on disk, log files and automated snapshots using military-grade AES-256 AWS Key Management Service (KMS) keys. Encrypt data in transit between nodes using TLS 1.2.

Use one or more access control features such as AWS IAM policies or fine-grained access control to provide users with a controlled and predictable way to query business data and monitor cluster configuration.

Secure the perimeter to your domain by using AWS identity and resource policies to associate identities and resources to specific allow/deny actions. Create logically isolated networks using an Amazon Virtual Private Cloud (VPC) and Amazon VPC security groups to allow traffic only from known entities.

Monitor configuration changes to your domain, track user activity, and audit requests for data, including detailed connection attributes. Use AWS CloudTrail logging and OpenSearch audit logs to monitor use of configuration APIs and requests to your data.

Protect your data from security vulnerabilities. To minimize the need for version upgrades, OpenSearch Service provides backward-compatible security patches and upgrades for all supported versions of OpenSearch and Elasticsearch.

Secure access to your sensitive or confidential data using advanced security controls. Use index, document or field-level security to limit access to specific indices, documents or fields.

Communicate securely with your OpenSearch domain using SigV4-signed requests sent through the AWS SDKs or the AWS Command Line Interface (CLI).

Meet strict compliance and governance requirements of your organization. Amazon OpenSearch Service is part of several industry-standard compliance programs including HIPAA, FedRAMP, DoD CC SRG, SOC, PCI, ISO & CSA STAR, FIPS 140-2.

Collect logs from different sources with different formats, then normalize and compare security log data.

      Security FAQs

      Get started with Amazon OpenSearch Service Security