
How to properly encrypt Elasticsearch instance with KMS

I will use my Rails/Mysql/Elasticsearch for processing some sensitive data, so I want to encrypt my data at rest.

It is clear to me that I can use AWS KMS to encrypt data in Mysql. It's important for me that this encryption is transparent for my application.

But now I'm concerned about indexes and data gathered by Elasticsearch. Is there a similar way to transparently encrypt data there?

I am interested in solutions both for Elasticsearch-as-an-application as well as AWS Elasticsearch-as-service as I have not decided what I'll be using.

asked Aug 14 '16 19:08

borisano


1 Answer

As I mentioned in the answer to your previous question, AWS does not support encryption-at-rest for the ElasticSearch service at this time. For encryption-in-transit you can use HTTPS connections, as per the AWS Support response to this question:

> You can use https for encrypted communication with your domain.
>
> Communication between nodes is not encrypted. The nodes themselves are hosted within our VPC, and all communication between nodes remains within it.

If you need encryption-at-rest for ElasticSearch, you will have to set up your own ElasticSearch cluster on EC2 instances, and use encrypted EBS volumes.

answered Oct 16 '22 15:10

Mark B
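
For the self-hosted option in the answer above, here is one way to verify that every EBS volume attached to the Elasticsearch nodes is encrypted with the intended KMS key. This is an added example, not code from the original answer or from AWS. It audits JSON in the shape returned by `aws ec2 describe-volumes`; the instance IDs, volume IDs, key ARNs and the `audit_es_volumes` helper are constructed placeholders and assumptions.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-volumes`
# (IDs, ARNs and the account number are placeholders, not real resources).
SAMPLE = json.loads("""
{"Volumes": [
 {"VolumeId": "vol-0aaa", "Encrypted": true,
  "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/es-data-key",
  "Attachments": [{"InstanceId": "i-es-node-1", "Device": "/dev/sdf"}]},
 {"VolumeId": "vol-0bbb", "Encrypted": false,
  "Attachments": [{"InstanceId": "i-es-node-1", "Device": "/dev/xvda"}]},
 {"VolumeId": "vol-0ccc", "Encrypted": true,
  "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/other-key",
  "Attachments": [{"InstanceId": "i-es-node-2", "Device": "/dev/sdf"}]},
 {"VolumeId": "vol-0ddd", "Encrypted": false,
  "Attachments": [{"InstanceId": "i-unrelated", "Device": "/dev/xvda"}]}
]}
""")

EXPECTED_KEY = "arn:aws:kms:us-east-1:111122223333:key/es-data-key"  # assumed CMK
ES_NODES = {"i-es-node-1", "i-es-node-2", "i-es-node-3"}  # assumed cluster members


def audit_es_volumes(describe_volumes, es_nodes, expected_key):
    """Return (findings, nodes_without_volumes) for the given ES node instance IDs."""
    findings, seen = [], set()
    for vol in describe_volumes.get("Volumes", []):
        for att in vol.get("Attachments", []):
            node = att.get("InstanceId")
            if node not in es_nodes:
                continue  # volume belongs to some other instance
            seen.add(node)
            if not vol.get("Encrypted", False):
                reason = "unencrypted"
            elif vol.get("KmsKeyId") != expected_key:
                reason = "wrong-kms-key"
            else:
                continue  # encrypted with the expected key
            findings.append((node, vol["VolumeId"], att.get("Device"), reason))
    return sorted(findings), sorted(es_nodes - seen)


if __name__ == "__main__":
    findings, missing = audit_es_volumes(SAMPLE, ES_NODES, EXPECTED_KEY)
    for node, vol_id, device, reason in findings:
        print(f"{node} {vol_id} {device}: {reason}")
    for node in missing:
        print(f"{node}: no volumes in listing (cannot confirm encryption)")
```

The check covers every attached volume, not just the data volume, so a node with an encrypted data disk but an unencrypted root disk is still reported.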