Amazon Elasticsearch Service now supports encrypted communication between Elasticsearch nodes

Posted on: Sep 18, 2018

Amazon Elasticsearch Service now supports node-to-node encryption, enabling organizations to host sensitive workloads with stringent security and compliance requirements. The node-to-node encryption capability provides an additional layer of security by implementing Transport Layer Security (TLS) for all communications between Elasticsearch instances in a cluster. It ensures that any data you send to your Amazon Elasticsearch Service domain over HTTPS remains encrypted in-flight while it is being distributed and replicated between the nodes. Node-to-node encryption complements existing features provided by the service such as HTTPS client-to-cluster encryption, at-rest encryption, and Virtual Private Cloud (VPC) based network-level security and isolation for node-to-node communication. All certificates are deployed and rotated automatically by the service throughout the life of the domain, without any additional operational overhead.

You can enable node-to-node encryption when creating any domain running Elasticsearch 6.0 or greater. No additional fees apply. To learn more, please refer to our documentation.

Amazon Elasticsearch Service is available across 16 regions globally: US East (N. Virginia, Ohio), US West (Oregon, N. California), AWS GovCloud (US), Canada (Central), South America (Sao Paulo), EU (Ireland, London, Frankfurt, Paris), and Asia Pacific (Singapore, Sydney, Tokyo, Seoul, Mumbai).