Seems like you know a thing or two about this — are all the reports I see about companies leaking tons and tons of data through improperly configured Elasticsearch instances something using AWS’s offering would fix (or even ES’s hosted offering)? I don’t really know much about the field, but if AWS’s single contribution were to be “we made it really hard to screw up the configuration and leak all your data”, I’d consider that a very deserving cause.
> Seems like you know a thing or two about this — are all the reports I see about companies leaking tons and tons of data through improperly configured Elasticsearch instances something using AWS’s offering would fix (or even ES’s hosted offering)
The primary issue that leads to that is that the stock open source Elasticsearch distribution (APL licenced) comes with no security at all. It even used to be the case that even the most basic security was a plugin that required a paid license. That changed only after AWS released the opendistro set of plugins with a free plugin to add security - after that, Elastic offered a basic (free as in beer, but still non-free as in freedom) license that would include security. Additionally, the early ES versions would bind to all IPs by default, so just starting the server would make it available from outside. If you weren't expecting that and no firewall was protecting you, your ES cluster would be available from the outside with no authentication.
Both AWS's and Elastic's hosted offerings come with a configured security plugin, so that at least makes it harder to leak data. Obviously, even with authentication you can still leak credentials or such.
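As an added example (not code from the thread or from Elastic), a small audit that checks a flat elasticsearch.yml for the two problems described above: binding to every interface and running with security switched off. The two sample configs are constructed, and the settings keys `network.host` and `xpack.security.enabled` are the stock X-Pack ones; the Open Distro plugin uses its own keys and is not covered here.

```python
# Constructed sample of a permissive elasticsearch.yml of the kind described.
PERMISSIVE_YML = """\
cluster.name: prod-logs
network.host: 0.0.0.0      # reachable from any interface
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample of the hardened counterpart.
HARDENED_YML = """\
cluster.name: prod-logs
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

# network.host values that expose the node beyond the local machine.
WIDE_OPEN_HOSTS = {"0.0.0.0", "::", "0", "_global_", "_site_"}


def parse_flat_yml(text):
    """Minimal `key: value` parser for the flat lines of elasticsearch.yml.
    Comments and blank lines are skipped; nested YAML is out of scope."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("[]'\"")
    return settings


def audit(text):
    """Return the list of findings for the settings this thread calls out."""
    s = parse_flat_yml(text)
    findings = []
    hosts = {h.strip().strip("'\"") for h in s.get("network.host", "").split(",")} - {""}
    if not hosts:
        findings.append("network.host unset: check the bind default for this release")
    elif hosts & WIDE_OPEN_HOSTS:
        findings.append("network.host binds non-local interfaces: " + ", ".join(sorted(hosts)))
    sec = s.get("xpack.security.enabled")
    if sec is None:
        findings.append("xpack.security.enabled unset: confirm a security plugin is active")
    elif sec.lower() != "true":
        findings.append("xpack.security.enabled=false: cluster answers with no authentication")
    return findings
```

Run `audit()` over your own node's config before exposing it; the permissive sample yields two findings, the hardened one none.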
Hm. So Elastic releases a neutered version of their product that leads to countless PII leaks, AWS provides a FOSS plug-in to fix that, then Elastic turns around and says AWS is leeching off their product and not contributing back to the community and implements a licensing change to prevent them from working together in the future? I can’t help but side with the AWS folks on this one — I get wanting to make money, but insecure-by-default services are inexcusable, especially when it’s expected that they’ll contain PII.