Audit and secure your search and log analytics data with Amazon OpenSearch Service

Meet and maintain your security requirements for authentication, authorization, encryption, audit, and regulatory compliance.

Analytics solutions built on large amounts of data are especially susceptible to security risks and breaches. You need a robust security and compliance solution with these capabilities:

  • Confidently host sensitive workloads
  • Protect and limit access to confidential data
  • Integrate with third-party identity providers
  • Secure data at rest and in transit
  • Audit user activity and configuration updates
  • Configure programmatic access for your custom applications and other AWS services

Key security features of OpenSearch

Authentication and authorization

Provide secure access to your users with the authentication and authorization methods of your choice, including native SAML support, Amazon Cognito, AWS IAM, and more. For more information, see using SAML with Dashboards and Identity and Access Management.

Encryption

Protect your data from attackers by enabling encryption of data on disk, log files, and automated snapshots using AES-256 with AWS Key Management Service (KMS) keys. Encrypt data in transit between nodes using TLS 1.2.

Granular access control

Use one or more access control features, such as AWS IAM policies or fine-grained access control, to give users a controlled and predictable way to query business data and monitor cluster configuration.

Access policies and network isolation

Secure the perimeter of your domain by using AWS identity and resource policies to associate identities and resources with specific allow/deny actions. Create logically isolated networks using an Amazon Virtual Private Cloud (VPC) and Amazon VPC security groups to allow traffic only from known entities.

Audit logging and compliance

Monitor configuration changes to your domain, track user activity, and audit requests for data, including detailed connection attributes. Use AWS CloudTrail logging and OpenSearch audit logs to monitor use of configuration APIs and requests to your data.

Security upgrades and patches

Protect your data from security vulnerabilities. To minimize the need for version upgrades, OpenSearch Service provides backward-compatible security patches and upgrades for all supported versions of OpenSearch and Elasticsearch.

Index, document, and field security

Secure access to your sensitive or confidential data using advanced security controls. Use index-, document-, or field-level security to limit access to specific indices, documents, or fields.

Secure programmatic access

Communicate securely with your OpenSearch domain using SigV4-signed requests sent with the AWS SDKs or the AWS Command Line Interface (CLI).

Enable compliance and governance

Meet the strict compliance and governance requirements of your organization. Amazon OpenSearch Service is part of several industry-standard compliance programs, including HIPAA, FedRAMP, DoD CC SRG, SOC, PCI, ISO & CSA STAR, and FIPS 140-2.



  • Securing your log and analytics data with Amazon OpenSearch Service (webinar)
  • Authenticating your AD/LDAP users to OpenSearch Dashboards via ADFS (blog)
  • How to use AWS Security Hub and Amazon OpenSearch Service for SIEM (blog)
  • Analyze Active Directory event logs using Amazon OpenSearch Service (blog)
  • Building SAML federation for Amazon OpenSearch Service with Okta (blog)
  • Public roadmap for OpenSearch (GitHub)

AWS Data Lab offers accelerated, joint engineering engagements between customers and AWS technical resources to create tangible deliverables that accelerate data and analytics modernization initiatives.

AWS Data & Analytics Training and Certification to build your skills and validate your expertise.
