Amazon Web Services (AWS) added support for virtual private cloud (VPC) to its Elasticsearch Service this week, providing additional security for the service's users.
Amazon Elasticsearch Service (or Amazon ES) is a managed solution that allows users to quickly spin up clusters using the open-source Elasticsearch engine within an AWS environment.
Randall Hunt, AWS technical evangelist, announced that AWS now allows users to run all inbound and outbound Amazon ES traffic inside a VPC. This eliminates the need to provision NAT instances, Internet gateways, or other NAT-related services.
Hunt stated that the move is intended to protect Amazon ES users from security risks posed when traffic flows through the public Internet.
Hunt explained that, to support VPCs, Amazon ES places an Amazon ES endpoint into at most one subnet of your VPC. Amazon ES places an elastic network interface (ENI) into the VPC for each cluster data node. Each ENI receives a public DNS hostname and uses a private IP address taken from your subnet’s IPv4 range. If you enable zone awareness, Amazon ES can create endpoints in two subnets in different availability zones, which provides greater data durability.
Hunt stated that the new VPC support is available immediately and Amazon ES users can take full advantage of it free of charge.
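The subnet and ENI placement Hunt describes can be checked from inside the VPC. The following is an added example, not code from AWS or from Hunt's announcement: it assumes you already know the domain's subnet IDs and zone-awareness setting, and the subnet IDs, CIDR ranges, availability zones and addresses are constructed sample values.

```python
import ipaddress
import socket

# Constructed sample inventory (hypothetical IDs and ranges, not real AWS output).
SUBNETS = {
    "subnet-a": {"cidr": "10.0.1.0/24", "az": "us-east-1a"},
    "subnet-b": {"cidr": "10.0.2.0/24", "az": "us-east-1b"},
}


def resolve(hostname):
    """Resolve the domain endpoint's DNS hostname to IPv4 addresses (needs network access)."""
    return socket.gethostbyname_ex(hostname)[2]


def audit_domain(subnet_ids, zone_awareness, resolved_ips, subnets=SUBNETS):
    """Return findings where a domain deviates from the described VPC placement.

    An empty list means: one subnet (two in different availability zones with
    zone awareness), and every resolved address lies inside those subnets.
    """
    findings = []
    expected = 2 if zone_awareness else 1
    if len(subnet_ids) != expected:
        findings.append(f"expected {expected} subnet(s), got {len(subnet_ids)}")

    known = [s for s in subnet_ids if s in subnets]
    for s in subnet_ids:
        if s not in subnets:
            findings.append(f"{s} is not a subnet of this VPC")

    if zone_awareness and len({subnets[s]["az"] for s in known}) < 2:
        findings.append("zone awareness is enabled but the subnets "
                        "do not span two availability zones")

    # Each ENI should use a private address taken from the subnet's IPv4 range.
    nets = [ipaddress.ip_network(subnets[s]["cidr"]) for s in known]
    for ip in resolved_ips:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings.append(f"{ip} is outside the domain's subnets")
    return findings


if __name__ == "__main__":
    # Constructed addresses standing in for resolve("<your-domain-endpoint>").
    print(audit_domain(["subnet-a", "subnet-b"], True, ["10.0.1.15", "10.0.2.20"]))
```

An address outside the listed subnets is the finding worth investigating first, since it means the hostname is not pointing at the ENIs in your VPC.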