Amazon Elasticsearch Service - AWS GovCloud (US)

Amazon Elasticsearch Service

Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch, a popular open-source search and analytics engine. Amazon ES also offers security options, high availability, data durability, and direct access to the Elasticsearch API.

How Amazon Elasticsearch Service Differs for AWS GovCloud (US)

  • Amazon Cognito authentication for Kibana is not supported in the AWS GovCloud (US) Regions.

  • In AWS GovCloud (US) East, AWS ElasticSearch only supports 2 availability zone deployments. 3 availability zone deployments are available in AWS GovCloud (US) West.

Documentation for Amazon Elasticsearch Service

Amazon Elasticsearch Service documentation.

ITAR Boundary

AWS GovCloud (US) has an ITAR boundary, which defines where customers are allowed to store ITAR-controlled data for this service in AWS GovCloud (US) Regions. To maintain ITAR compliance, you must place ITAR-controlled data on the applicable part of the ITAR boundary. If you do not have any ITAR-controlled data in AWS GovCloud (US) Regions, this section does not apply to you. The following information identifies the ITAR boundary for this service:

ITAR-Regulated Data Permitted

ITAR-Regulated Data Not Permitted

  • All documents entered, stored, and processed in an Elasticsearch cluster can contain ITAR-regulated data.

  • Amazon Elasticsearch Service metadata is not permitted to contain ITAR-regulated data. This metadata includes all configuration data that you specify when creating and maintaining your Elasticsearch clusters and indices, such as index names, alias names, tags, snapshot names, and repository names.

  • Do not enter ITAR-regulated data in the following fields:

    • Domain name

    • Index names

    • Type names

    • Document IDs

    • Snapshot names

    • Resource tags

    • Repository names

    • Alias names

    • CloudWatch log group names