Security for Elasticsearch is now free

Free, not open source version. Obviously a reaction to Amazon&#x27;s fork- not wanting to give them any code to pull into their version.<p>It will be interesting to see if this is enough to retain the majority of the userbase or if we&#x27;ll still see a majority migrate to the &#x27;Open Distro&#x27; fork.

I know it&#x27;s hard to make a buck with an open source business model but deciding to charge more for security related features is always so frustrating to me. It leads to a culture of insecure deployments in environments when the business is trying to save money. Differentiate on storage or number of cores or something, anything but auth&#x2F;security. I&#x27;m glad they&#x27;ve finally reversed this.

This (while perhaps not perfect) is massive for us, it’s going to be especially useful for Kibana authentication to add readonly and write users, something we’ve wanted for a long time but haven’t been able to afford as a non-profit, charitable organisation.<p>I know it’s not all 100% open source, but it’s better than a nginx reverse proxy hack or similar.<p>Thank you Elastic for continuing to create fantastic software.

Running Elasticsearch on K8s storing 16TB of compressed logs across 6 data nodes and ~4600 shards.<p>We&#x27;re a really happy ES customer. We&#x27;ve on ESv6 at the moment and it&#x27;s been running amazingly for us. We&#x27;ve halved our storage and running costs by moving from 5 to 6.<p>We&#x27;ve always been a licensed customer and they are in front of AWS with their features (we run our k8s stack on AWS though :) )

Interesting. Three hours ago someone in our Ops team shared a link to &quot;Open Distro for Elasticsearch&quot; [1] and it&#x27;s also featured on the AWS console login page.<p>Is this a very rushed reaction to it? Or is this related? I would really love to have a clarification of what&#x27;s happening in that space.<p>[1] <a href="https:&#x2F;&#x2F;opendistro.github.io&#x2F;for-elasticsearch&#x2F;" rel="nofollow">https:&#x2F;&#x2F;opendistro.github.io&#x2F;for-elasticsearch&#x2F;</a>

Too little too late? Trying to charge for TLS was a very poor move and it&#x27;s made me not trust ElasticSearch...

There&#x27;s also a lesser known project out there: <a href="https:&#x2F;&#x2F;search-guard.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;search-guard.com&#x2F;</a><p>Paired with an OpenResty reverse proxy I was able to set up a reasonably secure cluster back when X-Pack was prohibitively expensive and the AWS offering wasn&#x27;t under their BAA.<p>Big thanks to that team of contributors!

Some of the worst breaches of 2017-19 have been due to open ES clusters, some on AWS. This is a welcome change. I just spun our AWS ES cluster down in favor of BigQuery, but while I was setting it up security for it was a big chore, with defaults that are in no way sane. AWS EC2 does a great job at secure defaults for auth and firewalls, RDS even moreso. Why was ES left to wag in the wind out of the box?