6

I will use my Rails/MySQL/Elasticsearch for processing some sensitive data, so I want to encrypt my data at rest.

It is clear to me that I can use AWS KMS to encrypt data in MySQL. It's important for me that this encryption is transparent for my application.

But now I'm concerned about indexes and data gathered by Elasticsearch. Is there a similar way to transparently encrypt data there?

I am interested in solutions both for Elasticsearch-as-an-application as well as AWS Elasticsearch-as-service as I have not decided what I'll be using.

borisano

2 Answers

8

As I mentioned in the answer to your previous question, AWS does not support encryption-at-rest for the ElasticSearch service at this time. For encryption-in-transit you can use HTTPS connections, as per the AWS Support response to this question:

You can use https for encrypted communication with your domain.

Communication between nodes is not encrypted. The nodes themselves are hosted within our VPC, and all communication between nodes remains within it.

If you need encryption-at-rest for ElasticSearch, you will have to set up your own ElasticSearch cluster on EC2 instances, and use encrypted EBS volumes.

Mark B
  • Thank you for your effort answering my questions, I really appreciate it! – borisano Aug 16 '16 at 08:42
  • That only solves encryption at disk level. If you have a requirement of using encryption key for each client / index, I don't know of any supported way to encrypt data using KMS or other encryption keys. – animageofmine Mar 22 '17 at 03:26
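
Added example, not part of the answer or comments above: a check that every EBS volume attached to a self-managed Elasticsearch node is encrypted under the intended KMS key, run over JSON in the shape returned by `aws ec2 describe-volumes`. The instance IDs, volume IDs and key ARNs are constructed placeholders, and the function name `audit_volumes` is hypothetical.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes` output.
# All identifiers and key ARNs below are made-up placeholders.
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-ES-KEY",
   "Attachments": [{"InstanceId": "i-es-data-1", "Device": "/dev/xvdf"}]},
  {"VolumeId": "vol-0bbb", "Encrypted": false,
   "Attachments": [{"InstanceId": "i-es-data-2", "Device": "/dev/xvdf"}]},
  {"VolumeId": "vol-0ccc", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-OTHER-KEY",
   "Attachments": [{"InstanceId": "i-es-data-2", "Device": "/dev/xvda"}]},
  {"VolumeId": "vol-0ddd", "Encrypted": false,
   "Attachments": [{"InstanceId": "i-web-1", "Device": "/dev/xvda"}]}
]}
""")


def audit_volumes(described, es_instances, expected_key_arn):
    """Return sorted (volume_id, instance_id, device, problem) tuples for each
    volume attached to an Elasticsearch node that is unencrypted or is
    encrypted under a key other than the expected one."""
    findings = []
    for vol in described.get("Volumes", []):
        for att in vol.get("Attachments", []):
            inst = att.get("InstanceId")
            if inst not in es_instances:
                continue  # not an Elasticsearch node, out of scope
            if not vol.get("Encrypted", False):
                problem = "unencrypted"
            elif vol.get("KmsKeyId") != expected_key_arn:
                problem = "unexpected-kms-key"
            else:
                continue  # encrypted with the intended key
            findings.append((vol["VolumeId"], inst, att.get("Device"), problem))
    return sorted(findings)


if __name__ == "__main__":
    nodes = {"i-es-data-1", "i-es-data-2"}  # assumed Elasticsearch instance IDs
    key = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-ES-KEY"
    for finding in audit_volumes(SAMPLE, nodes, key):
        print(*finding)
```

The check covers root volumes as well as data volumes, since logs, swap and temporary files on a node can also hold indexed data.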
0

Now AWS has come up with encryption for their Elasticsearch services. You can go through link

Deepak A