AWS Adds VPC Support to Elasticsearch Service
Providing another layer of security for users of its Elasticsearch Service, Amazon Web Services (AWS) this week added support for virtual private clouds (VPCs).
Amazon Elasticsearch Service, or Amazon ES, is a managed solution that lets users quickly spin up clusters of the open source Elasticsearch engine in an AWS environment.
In an update announced in a Tuesday blog post by AWS technical evangelist Randall Hunt, AWS now enables users to run all inbound and outbound Amazon ES traffic from inside a VPC, eliminating the need to provision NAT instances or Internet gateways.
The move helps to insulate Amazon ES users against the security risks posed by running traffic through the public Internet, according to Hunt.
"To support VPCs, Amazon ES places an endpoint into at least one subnet of your VPC," Hunt explained in his blog. "Amazon ES places an Elastic Network Interface (ENI) into the VPC for each data node in the cluster. Each ENI uses a private IP address from the IPv4 range of your subnet and receives a public DNS hostname. If you enable zone awareness, Amazon ES creates endpoints in two subnets in different availability zones, which provides greater data durability."
The new VPC support is effective immediately, and Amazon ES users can take advantage of it at no charge, Hunt said.
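The placement rules Hunt describes can be turned into a configuration audit. The following is an added example, not code from AWS or from Hunt's post: it checks records shaped like the `DomainStatus` object of the DescribeElasticsearchDomain API, and the domain names, IDs and hostnames are constructed sample data.

```python
# Added example: audit Amazon ES domain records for VPC placement.
# SAMPLE_DOMAINS is constructed data; every name and ID in it is made up.
SAMPLE_DOMAINS = [
    {"DomainName": "logs-public",  # public endpoint, no VPC placement
     "Endpoint": "search-logs-public-example.us-east-1.es.amazonaws.com",
     "ElasticsearchClusterConfig": {"InstanceCount": 2,
                                    "ZoneAwarenessEnabled": False}},
    {"DomainName": "logs-vpc",  # VPC domain, zone awareness across two AZs
     "Endpoints": {"vpc": "vpc-logs-vpc-example.us-east-1.es.amazonaws.com"},
     "VPCOptions": {"VPCId": "vpc-0example",
                    "SubnetIds": ["subnet-0aaa", "subnet-0bbb"],
                    "AvailabilityZones": ["us-east-1a", "us-east-1b"]},
     "ElasticsearchClusterConfig": {"InstanceCount": 4,
                                    "ZoneAwarenessEnabled": True}},
    {"DomainName": "logs-one-az",  # zone awareness requested, single subnet
     "Endpoints": {"vpc": "vpc-logs-one-az-example.us-east-1.es.amazonaws.com"},
     "VPCOptions": {"VPCId": "vpc-0example",
                    "SubnetIds": ["subnet-0aaa"],
                    "AvailabilityZones": ["us-east-1a"]},
     "ElasticsearchClusterConfig": {"InstanceCount": 2,
                                    "ZoneAwarenessEnabled": True}},
]


def audit_domain(status):
    """Return a list of findings for one domain record (empty list = clean)."""
    findings = []
    vpc = status.get("VPCOptions") or {}
    cluster = status.get("ElasticsearchClusterConfig") or {}
    if not vpc.get("VPCId"):
        findings.append("not in a VPC: traffic uses the public endpoint")
        return findings
    if cluster.get("ZoneAwarenessEnabled"):
        # Zone awareness places endpoints in two subnets in different AZs.
        if len(set(vpc.get("SubnetIds", []))) < 2:
            findings.append("zone awareness enabled with fewer than two subnets")
        if len(set(vpc.get("AvailabilityZones", []))) < 2:
            findings.append("zone awareness enabled but only one availability zone")
    return findings


def audit_all(domains):
    """Map each domain name to its findings, keeping only domains with issues."""
    return {d["DomainName"]: f for d in domains if (f := audit_domain(d))}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_DOMAINS).items():
        print(name, "->", "; ".join(findings))
```

The same function can be run over real `DomainStatus` records collected from each account and region, or over desired-state records before a domain is created.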