Amazon_OS_1
The node-to-node encryption capability provides an additional layer of security by implementing Transport Layer Security (TLS) for all communications between Elasticsearch instances in a cluster. It ensures that any data you send to your Amazon Elasticsearch Service domain over HTTPS remains encrypted in-flight while it is being distributed and replicated between the nodes.
By default, domains do not use node-to-node encryption, and you can’t configure existing domains to use the feature. To enable the feature, you must create another domain and migrate your data. Node-to-node encryption requires Elasticsearch 6.0 or later.
To create an Elasticsearch domain, follow the instructions here: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomains
To migrate your data using Snapshot:
https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-version-migration.html#snapshot-based-migration
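From Terraform (lines marked + are the ones to add):
resource "aws_elasticsearch_domain" "test" {
  domain_name           = "example"
  # Node-to-node encryption requires Elasticsearch 6.0 or later.
  elasticsearch_version = "6.0"
+ node_to_node_encryption {
+   enabled = true
+ }
  tags = {
    Domain = "TestDomain"
  }
}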
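To find which domains still need this change, the check below classifies each domain from a response shaped like the output of the DescribeElasticsearchDomains API (boto3 `es.describe_elasticsearch_domains`). It is an added example, not code from the original page or from AWS; the function names, domain names and sample response are constructed for illustration.

```python
# Added example: classify domains by node-to-node encryption status.
# Input has the shape of boto3's es.describe_elasticsearch_domains() response.

MIN_VERSION = (6, 0)  # page: node-to-node encryption requires Elasticsearch 6.0+


def parse_version(text):
    """Turn '6.8' into (6, 8); unparseable values sort below every version."""
    try:
        major, minor = (text.split(".") + ["0"])[:2]
        return int(major), int(minor)
    except (AttributeError, ValueError):
        return (0, 0)


def audit_domains(response):
    """Return {domain_name: finding} for every domain in the response."""
    findings = {}
    for domain in response.get("DomainStatusList", []):
        name = domain.get("DomainName", "<unnamed>")
        # A missing options block is treated as disabled (the default).
        options = domain.get("NodeToNodeEncryptionOptions") or {}
        enabled = options.get("Enabled", False)
        version = parse_version(domain.get("ElasticsearchVersion"))
        if enabled:
            findings[name] = "PASS"
        elif version >= MIN_VERSION:
            findings[name] = "FAIL: create a new domain with encryption enabled and migrate"
        else:
            findings[name] = "FAIL: below 6.0; the new domain must also run 6.0 or later"
    return findings


# Constructed sample response (not real account data).
SAMPLE = {
    "DomainStatusList": [
        {"DomainName": "logs-prod", "ElasticsearchVersion": "6.8",
         "NodeToNodeEncryptionOptions": {"Enabled": True}},
        {"DomainName": "search-dev", "ElasticsearchVersion": "6.3",
         "NodeToNodeEncryptionOptions": {"Enabled": False}},
        {"DomainName": "legacy", "ElasticsearchVersion": "1.5"},
    ]
}

if __name__ == "__main__":
    for name, finding in audit_domains(SAMPLE).items():
        print(f"{name}: {finding}")
```

Against a live account, pass the dictionary returned by the API call in place of `SAMPLE`.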
References: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/ntn.html