Posted On: Sep 17, 2020
Amazon Elasticsearch Service now offers a detailed audit log of all Elasticsearch requests. Audit Logs allows customers to record a trail of all user actions, helping meet compliance regulations, improving the overall security posture and providing evidence for security investigations.
Amazon Elasticsearch Service Audit Logs allow you to log all user activity on the domain, including a history of user authentication successes and failures, all requests to Elasticsearch, modifications to indices, incoming search queries and much more. Audit Logs provides a default configuration that covers a popular set of user actions to be tracked. Administrators can further configure and fine-tune the settings to meet their needs. Audit Logs is integrated with Fine Grained Access Control, allowing you to log access or modification requests to sensitive documents or fields, to meet any compliance requirements. Audit Logs can be configured to stream continuously to CloudWatch Logs and can be further analyzed there. Audit Logs settings can be changed at any time and are automatically updated.
Both new and existing Amazon Elasticsearch Service domains (version 6.7+) with Fine Grained Access Control enabled can use the Audit Logs feature. You can follow the documentation to set up the CloudWatch Logs destination and fine-tune any settings.
Audit Logging is now available for Amazon Elasticsearch Service domains across 24 regions globally: US East (N. Virginia, Ohio), US West (Oregon, N. California), Amazon Web Services GovCloud (US-Gov-East, US-Gov-West), Canada (Central), South America (Sao Paulo), Africa (Cape Town), Middle East (Bahrain), EU (Ireland, London, Frankfurt, Paris, Stockholm, Milan), Asia Pacific (Singapore, Sydney, Tokyo, Seoul, Mumbai, Hong Kong), the China (Beijing) region, operated by Sinnet, and the China (Ningxia) region, operated by NWCD. Please refer to the Amazon Web Services Region Table for more information about Amazon Elasticsearch Service availability.