What is Amazon Elasticsearch Service? - Amazon Elasticsearch Service

What is Amazon Elasticsearch Service?

Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS Cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analysis. For example, you can use Elasticsearch to add a search box to your website, analyze logs, metrics, and security event data, or store your data to automate business workflows.

With Amazon ES, you get direct access to the Elasticsearch APIs; existing code and applications work seamlessly with the service. Amazon ES provisions all the resources for your Elasticsearch cluster and launches it. It also automatically detects and replaces failed Elasticsearch nodes, reducing the overhead associated with self-managed infrastructures. You can scale your cluster with a single API call or a few clicks in the console.

To get started using Amazon ES, you create a domain. An Amazon ES domain is synonymous with an Elasticsearch cluster. Domains are clusters with the settings, instance types, instance counts, and storage resources that you specify. Each instance acts as one Elasticsearch node.

You can use the Amazon ES console to set up and configure a domain in minutes. If you prefer programmatic access, you can use the AWS CLI or the AWS SDKs.

Features of Amazon Elasticsearch Service

Amazon ES includes the following features:


  • Numerous configurations of CPU, memory, and storage capacity known as instance types, including cost-effective Graviton instances

  • Up to 3 PB of attached storage

  • Cost-effective UltraWarm storage for read-only data

  • Cold storage for infrequently accessed data


  • AWS Identity and Access Management (IAM) access control

  • Easy integration with Amazon VPC and VPC security groups

  • Encryption of data at rest and node-to-node encryption

  • Amazon Cognito, HTTP basic, or SAML authentication for Kibana

  • Index-level, document-level, and field-level security

  • Audit logs

  • Kibana multi-tenancy


  • Numerous geographical locations for your resources, known as Regions and Availability Zones

  • Node allocation across two or three Availability Zones in the same AWS Region, known as Multi-AZ

  • Dedicated master nodes to offload cluster management tasks

  • Automated snapshots to back up and restore Amazon ES domains


  • SQL support for integration with business intelligence (BI) applications

  • Custom packages to improve search results

Integration with Popular Services

  • Data visualization using Kibana

  • Integration with Amazon CloudWatch for monitoring Amazon ES domain metrics and setting alarms

  • Integration with AWS CloudTrail for auditing configuration API calls to Amazon ES domains

  • Integration with Amazon S3, Amazon Kinesis, and Amazon DynamoDB for loading streaming data into Amazon ES

  • Alerts from Amazon SNS when your data exceeds certain thresholds

Supported Elasticsearch versions

Amazon ES currently supports the following Elasticsearch versions:

  • 7.10, 7.9, 7.8, 7.7, 7.4, 7.1

  • 6.8, 6.7, 6.5, 6.4, 6.3, 6.2, 6.0

  • 5.6, 5.5, 5.3, 5.1

  • 2.3

  • 1.5

Compared to earlier versions of Elasticsearch, the 7.x and 6.x versions offer powerful features that make them faster, more secure, and easier to use. Here are a few highlights:

  • Higher indexing performance – Newer versions of Elasticsearch provide superior indexing capabilities that significantly increase the throughput of data updates.

  • Better safeguards – Newer versions of Elasticsearch help prevent overly broad or complex queries from negatively affecting the performance and stability of the cluster.

  • Vega visualizations – Kibana 6.2 and later versions support the Vega visualization language, which lets you make context-aware Elasticsearch queries, combine multiple data sources into a single graph, add user interactivity to graphs, and much more.

  • Java high-level REST client – Compared to the low-level client, this client offers a simplified development experience and supports most Elasticsearch APIs. For a code example, see Signing HTTP Requests.

For more information, see Supported Elasticsearch operations, Features by Elasticsearch version, and Plugins by Elasticsearch version.

If you start a new Elasticsearch project, we strongly recommend that you choose the latest supported Elasticsearch version. If you have an existing domain that uses an older Elasticsearch version, you can choose to keep the domain or migrate your data. For more information, see Upgrading Elasticsearch.

Pricing for Amazon Elasticsearch Service

For Amazon ES, you pay for each hour of use of an EC2 instance and for the cumulative size of any EBS storage volumes attached to your instances. Standard AWS data transfer charges also apply.

However, some notable data transfer exceptions exist. If a domain uses multiple Availability Zones, Amazon ES does not bill for traffic between the Availability Zones. Significant data transfer occurs within a domain during shard allocation and rebalancing. Amazon ES neither meters nor bills for this traffic. Similarly, Amazon ES does not bill for data transfer between UltraWarm/cold nodes and Amazon S3.

For full pricing details, see Amazon Elasticsearch Service Pricing. For information about charges incurred during configuration changes, see Charges for configuration changes.

Getting started with Amazon Elasticsearch Service

To get started, sign up for an AWS account if you don't already have one. After you are set up with an account, complete the Getting Started tutorial for Amazon Elasticsearch Service. Consult the following introductory topics if you need more information while learning about the service:

For information on migrating to Amazon ES from a self-managed Elasticsearch cluster, see Migrating to Amazon Elasticsearch Service.

Amazon ES commonly is used with the following services:

Amazon CloudWatch

Amazon ES domains automatically send metrics to CloudWatch so that you can monitor domain health and performance. For more information, see Monitoring Amazon Elasticsearch Service cluster metrics with Amazon CloudWatch.

CloudWatch Logs can also go the other direction. You might configure CloudWatch Logs to stream data to Amazon ES for analysis. To learn more, see Loading streaming data from Amazon CloudWatch.

AWS CloudTrail

Use AWS CloudTrail to get a history of the Amazon ES configuration API calls and related events for your account. For more information, see Monitoring Amazon Elasticsearch Service API calls with AWS CloudTrail.

Amazon Kinesis

Kinesis is a managed service for real-time processing of streaming data at a massive scale. For more information, see Loading streaming data from Amazon Kinesis Data Streams and Loading streaming data from Amazon Kinesis Data Firehose.

Amazon S3

Amazon Simple Storage Service (Amazon S3) provides storage for the internet. This guide provides Lambda sample code for integration with Amazon S3. For more information, see Loading streaming data from Amazon S3.


AWS Identity and Access Management (IAM) is a web service that you can use to manage access to your Amazon ES domains. For more information, see Identity and Access Management in Amazon Elasticsearch Service.

AWS Lambda

AWS Lambda is a compute service that lets you run code without provisioning or managing servers. This guide provides Lambda sample code to stream data from DynamoDB, Amazon S3, and Kinesis. For more information, see Loading streaming data into Amazon Elasticsearch Service.

Amazon DynamoDB

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. To learn more about streaming data to Amazon ES, see Loading streaming data from Amazon DynamoDB.

Amazon QuickSight

You can visualize data from Amazon ES using Amazon QuickSight dashboards. For more information, see Using Amazon Elasticsearch Service with Amazon QuickSight in the Amazon QuickSight User Guide.


OpenSearch is an open source search, analytics, and visualization suite with many of the same advanced features as Amazon ES: fine-grained access control, index management, alerting, anomaly detection, and more.