News

How to get started with Elasticsearch Service on AWS GovCloud

Editor's Note — July 29, 2020: Elastic Cloud is now fully authorized at the FedRAMP Moderate Impact level and generally available (GA) on AWS GovCloud.

We’re happy to announce the beta availability of our new government region, AWS GovCloud (US East), for the Elasticsearch Service on Elastic Cloud. This new region is our first step in simplifying operations for Elastic users who handle government data as we work toward gaining a Moderate authorization for the Federal Risk and Authorization Management Program (FedRAMP).

FedRAMP is widely considered to be one of the most robust and demanding security compliance programs, enforcing FIPS 140-2 validated encryption at the boundary and at rest, as well as many other US federal security standards and controls. Elasticsearch Service on Elastic Cloud is currently marked as FedRAMP “In Process" on the FedRAMP Marketplace and is undergoing a third-party assessment.

If you're a new or existing user who handles data for a US federal, state, or local government entity — or an educational institution — fill out this short form to request access to Elasticsearch Service on AWS GovCloud. All beta deployments will automatically inherit future FedRAMP authorization granted on the environment without any action needed.

Here’s how you can quickly deploy your first Elasticsearch Service cluster on AWS GovCloud, access Kibana, and bring the benefits of a managed service to your enterprise search, observability, and security projects.

Step 1: Apply for access to Elasticsearch Service on AWS GovCloud

The AWS GovCloud region is isolated from other Elasticsearch Service regions and has a different signup process that requires approval prior to creating an account by design. To apply, fill out this short application or contact your Elastic sales representative.

Request access for GovCloud

Step 2: Create your first deployment

Once you’ve been approved, Elastic will send instructions on how to validate your email, create a password, and sign in to AWS GovCloud. After logging in, you’ll be able to start your free 14-day trial of Elasticsearch Service.

After logging in for the first time, you’ll be prompted to create your first deployment and taken to the “Create Deployment” screen. From there you can select your cloud platform, an Elastic Stack version, and a series of deployment templates.

These deployment templates give you access to Elasticsearch Service’s set of exclusive features on top of our recommended hardware configurations for solving enterprise search, observability, and security use cases. More about these later on.

Step 3: Access Kibana and add data

After creating your deployment, you’ll be given a one-time password you can use to gain access to Kibana with an automatically generated secure URL. From the home screen, you can add a variety of security and observability data sources.

Add data to Kibana

For example, let's configure Auditbeat on a laptop and view this data with Elastic SIEM. We’ll follow the instructions on the “Add data” screen and configure Auditbeat, and within a few minutes after configuring and running, we’ll see the data live in Elastic SIEM.

Live data in Elastic SIEM

Step 4: Search. Observe. Protect.

You can choose deployment templates and utilize recommended hardware configurations for enterprise search, observability, and security use cases. 

Enterprise Search

Elastic App Search is the fastest way to add search to your website, mobile app, or SaaS application. It offers powerful APIs and developer tools, advanced search relevance and tolerance controls, built-in real-time analytics for actionable insights, and more. Users who require use of specific Elasticsearch APIs for their search use case should try out the I/O optimized deployment template, which makes use of NVMe local storage.

Observability

Centralize your logs, metrics, and APM data using Elasticsearch Service’s features for data management and out-of-the-box UIs. These data management features include the hot-warm template, which lets you scale your data with both fast NVMe SSDs (hot) as well as cost-effective spinning disks (warm). You can also pair hot-warm templates alongside index lifecycle management and index rollups to gain full control around your observability data. Then, leverage the dedicated logs, metrics, and APM apps that allow you to quickly troubleshoot and diagnose issues with a connected experience.

Security

Similar to observability, Elasticsearch Service’s features for data management along with the SIEM app give you excellent visibility. You can deploy the same hot-warm template for all incoming security events and leverage index lifecycle management and snapshot lifecycle management to age out and archive data. Be sure to make use of the SIEM app with hundreds of pre-built detection rules in 7.6 to automatically bring action to your data.

If you’re looking for additional inspiration, be sure to check out some of the existing Elastic government use cases:

What’s next?

During the AWS GovCloud beta period, users can still deploy production workloads backed by Elastic’s support and engineers by purchasing one of our annual subscriptions. Monthly subscriptions will be available in the future. Learn more about Elasticsearch Service subscription options.