Audit and secure your search and log analytics data with Amazon OpenSearch Service
Meet and maintain your security requirements for authentication, authorization, encryption, audit, and regulatory compliance.
Analytics solutions built on large amounts of data are especially susceptible to security risks and breaches. You need a robust security and compliance solution with these capabilities:
- Confidently host sensitive workloads
- Protect and limit access to confidential data
- Integrate with third-party identity providers
- Secure data at rest and in transit
- Audit user activity and configuration updates
- Configure programmatic access for your custom applications and other AWS services
Key security features of OpenSearch
Authentication and authorization
Protect your data from attackers by enabling encryption of data on disk, log files and automated snapshots using military grade AES-256 AWS Key Management Service (KMS) keys. Encrypt data in transit between nodes using TLS 1.2.
Granular access control
Use one or more access control features such as AWS IAM policies or fine-grained access control to provide users with a controlled and predictable way to query business data, and monitor cluster configuration.
Access policies and network isolation
Secure the perimeter to your domain by using AWS identity and resource policies to associate identities and resources to specific allow/deny actions. Create logically isolated networks using a Amazon Virtual Private Cloud (VPC), and Amazon VPC security groups to allow traffic only from known entities.
Audit logging and compliance
Monitor configuration changes to your domain, track user activity, and audit requests for data--including detailed connection attributes. Use AWS CloudTrail logging and OpenSearch audit logs to monitor use of configuration APIs and requests to your data.
Security upgrades and patches
Protect your data from security vulnerabilities. To minimize the need for version upgrades, OpenSearch Service provides backwards compatible security patches and upgrades for all supported versions of OpenSearch and Elasticsearch.
Index, document, and field security
Secure access to your sensitive or confidential data using advanced security controls. Use index, document or field-level security to limit access to specific indices, documents or fields.
Secure programmatic access
Communicate securely with your OpenSearch domain using Sigv4 signed requests sent using AWS SDKs or use AWS Command Line Interface (CLI).
Securing your log and analytics data with Amazon OpenSearch Service webinar.
Authenticating your AD/LDAP users to OpenSearch Dashboards via ADFS.
How to use AWS Security Hub and Amazon OpenSearch Service for SIEM blog.
Analyze Active Directory event logs using Amazon OpenSearch Service.
Building SAML federation for Amazon OpenSearch Service with Okta.
Public roadmap for OpenSearch
AWS Data Lab offers accelerated, joint engineering engagements between customers and AWS technical resources to create tangible deliverables that accelerate data and analytics modernization initiatives.
AWS Data & Analytics Training and Certification to build your skills and validate your expertise.