---
title: "Using Fortanix Confidential Computing Manager for Easy Deployment of Elasticsearch on AWS Nitro"
slug: "using-fortanix-confidential-computing-manager-for-easy-deployment-of-elasticsearch-on-aws-nitro"
updated: 2026-05-27T10:05:43Z
published: 2026-05-27T10:05:43Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Using Fortanix Confidential Computing Manager for Easy Deployment of Elasticsearch on AWS Nitro

## 1.0 Introduction

The guide describes easy deployment of Elasticsearch cluster on Amazon Web Service (AWS) Nitro using Fortanix Confidential Computing Manager and AWS CloudFormation. It also contains the information related to:

- Deploying Solution in Amazone Web Service (AWS) Cloud
- Type of deployments
- Providing necessary permissions to AWS user
- Ingesting sample data into Elasticsearch
- Cloning sample data into Elasticsearch
- Installing and configuring Elasticsearch client - Kibana
- Sample searches using Kibana
- Deleting solution stack from AWS

### 1.1 Overview

Securing Elasticsearch with Confidential Computing enables the operation of the Elasticsearch database within a secure trusted execution environment, safeguarding the database's information during its active state when Elasticsearch data is processed within the CPU.

The solution orchestrates the following resources:

- Amazon Web Service
  - Security Policies
  - Resource Stack – VPC, Subnet, EC2, Security Group, IAM Role or Policy, and so on.
  - Nitro Enclave Software
- Fortanix
  - Node Agent Software
  - Elasticsearch Nitro Enclave(s) – single-node and multi-node

*For more information, refer to*[*Securing Elasticsearch with Confidential Computing*](https://www.fortanix.com/resources/solution-briefs/securing-elasticsearch-with-confidential-computing).

### 1.2 Prerequisites

Ensure the following:

- AWS Account Subscription and sign-in.
- Download the Fortanix CBD-Elasticsearch CloudFormation template for AWS [here](https://fortanix-fileshare.s3.us-west-1.amazonaws.com/cdb_templates/AWS/elasticsearch/template.yaml).
- AWS Permissions to deploy or remove solution stack. Request the administrator to add the following IAM Policy to allow required permissions for creating or deleting AWS resources within the specified subscription.

![IAMPolicy-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20699850577556.png)

**Figure 1: IAM Policy**

## 2.0 Fortanix Confidential Database - Elasticsearch

To begin with the easy deployment of the Elasticsearch, it is mandatory to initiate a session within the AWS Management Console. This console serves as the primary interface for managing AWS resources and services, granting you access to the requisite components for configuration and deployment.

### 2.1 Log into AWS

Perform the following steps:

Visit [https://aws.amazon.com/](https://aws.amazon.com/) and sign in.

![LogginIn-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20699837286548.png)

**Figure 2: Logging in**

### 2.2 Create Solution Stack

Perform the following steps:

1. On successful login, search for the **CloudFormation** option under the **Services** tab

![CloudFormationMenu-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20699882476180.png)

**Figure 3: AWS CloudFormation menu**
2. Select the **CloudFormation** menu and then click **Create stack**.

![CreateStack-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20699850581780.png)

**Figure 4: Create stack**
3. On the **Create stack** page, select the required radio button:
  - **Template is ready** under **Prerequisite – Prepare template** section.
  - **Amazon S3 URL** under **Specify template** section.
4. Enter the [Amazon S3 URL](https://fortanix-fileshare.s3.us-west-1.amazonaws.com/cdb_templates/AWS/elasticsearch/template.yaml) provided for the **Secure Elasticsearch** CloudFormation template. Alternatively, if the template is readily available, you can drag and drop it. Then click **Next** to proceed further.

![CreateStackWizard-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20732403082260.png)

**Figure 5: Create stack wizard**

### 2.3 Input Parameters

Fill in the input parameters on the next page. These input parameters are categorized into two sections: **General Parameters (AWS-specific parameters)** and**Confidential Database (CBD)** parameters. The required input parameters are deliberately kept minimal to simplify the deployment process.

1. **General parameters**
  1. **Stack name** – Enter a required name for the solution stack.
  2. **KeyPairName** – Specify the AWS Keypair to connect to EC2 instances.
  3. **AvailabilityZone** – Select the availability zone where you want to deploy this solution.
  4. **InstanceType** – Select an instance type from supported options: c5a.2xlarge, c5a.4xlarge, or c5a.8xlarge.
  5. **Storage** – Select the storage size as per requirements.
2. **Confidential DB parameters**

![StackDetails-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20700963123604.png)

**Figure 6: Fill input parameters**

Verify the entered values for each input parameter on the following screen and then click **Submit**.

![ReviewStackDetails-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20700963131156.png)

![ReviewStackDetails1-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20700963140884.png)

**Figure 7: Verify values**
  1. **ElastcsearchVersion** – Select the Elasticsearch version from the drop down menu. The supported versions are 8.9.0, 8.8.0, and 8.7.0.
  2. **DeploymentType** – Select the deployment type from the supported deployment types - single node or three node cluster.
  3. **ElasticsearchPassword** – Set a valid password for Elasticsearch.

### 2.4 Solution Resources Parameters

The **Resources** tab furnishes an in-depth perspective on the components associated with a specific CloudFormation stack. This section delivers crucial insights about each resource, encompassing details such as its type, physical ID, status, and additional metadata.

![ResourcesParameters-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20700990325140.png)

**Figure 8: Resource parameters**

### 2.5 Solution Output Parameters

The **Outputs** tab showcases the results outlined within your stack. It reveals details regarding the stack, which might include resource identifiers, web addresses, or other pertinent data, once the stack has been successfully created or updated.

> [!NOTE]
> NOTE
> 
> Please be advised that it typically requires about 3-5 minutes to set up and initiate a single-node cluster and approximately 10 minutes for a three-node cluster to become operational.

![ResourcesOutputParameters-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20706787712148.png)

**Figure 9: Output parameters**

## 3.0 Ingest and Data Into Elasticsearch

A range of data input methods are at the disposal of Elasticsearch users.

### 3.1 Using Elasticsearch Python Client

Run the following command to install the Elasticsearch Python Client:

```bash
python -m pip install elasticsearch
```

To illustrate, the following code snippet demonstrates the process of ingesting sample data through multiple approaches.

```bash
from elasticsearch import Elasticsearch

# Connect to Elasticsearch
es = Elasticsearch('http://localhost:9200',,basic_auth=('username', 'password'))) # Replace with your Elasticsearch server URL

# Index name and document data
index_name = 'your_index_name' # Replace with the desired index name
document = {
  'title': 'Sample Document',
  'content': 'This is some example content for the document.'
}

# Ingest the document
response = es.index(index=index_name, document=document)

# Print the response
print('Document ingested successfully:', response)
```

### 3.2 Reindex From Remote (Non-Nitro) Cluster

Execute the following REST API request to copy the documents from a source location to a destination:

```bash
POST _reindex
{
  "source": {
      "remote": {
      "host": "http://otherhost:9200",
      "username": "user",
      "password": "pass"
    },
    "index": "my-index-000001",
    "query": {
      "match": {
        "test": "data"
      }
    }
  },
  "dest": {
    "index": "my-new-index-000001"
  }
}
```

## 4.0 Install and Configure Kibana

> [!NOTE]
> NOTE
> 
> For optimal compatibility, it's advisable to ensure that the versions of Elasticsearch and Kibana are in sync.

Perform the following steps:

1. Run the following command to install Kibana using docker:

```bash
docker pull docker.elastic.co/kibana/kibana:8.9.0
```
2. Run the following command to execute the Kibana docker image:

```bash
docker run -p 5601:5601 docker.elastic.co/kibana/kibana:8.9.0
```
3. Run the following command to configure the password for the built-in user “`kibana_system`” to authenticate Kibana to the Elasticsearch Cluster running in a secure enclave:

```bash
curl -k -X POST "http://:@ec2-54-153-27-69.us-west-1.compute.amazonaws.com:9200/_security/user/kibana_system/_password?pretty" -H 'Content-Type: application/json' -d' {"password" : "changeme"}'
```
4. Access the Kibana through port 5601. The following dialog box might appear on the screen:

![Kibana-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20706580601492.png)

**Figure 10: Configure Elastic**
5. Click **Configure manually** and enter the Elasticsearch endpoint.

![ConfigureManually-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20706580619924.png)

**Figure 11: Configure Manually**
6. Click **Configure Elastic**.
7. Enter the password for the previously configured **kibana_system** user.

![EnterPassword-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20706587994900.png)

**Figure 12: Enter password**
8. Click **Configure Elastic**.

![ConfigureElastic-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20706588007700.png)

**Figure 13: Configure Elastic**
9. Enter the **Password** for Elastic user to access the Kibana UI.

![EnterPasswordKibana-AWS-Elasticsearch.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/20706588017940.png)

**Figure 14: Access Kibana UI**

## Related

- [Fortanix CCM - Quickstart](/quickstart-guide.md)
- [Using Fortanix Confidential Computing Manager to Build an Enclave OS Nginx Application](/using-fortanix-confidential-computing-manager-to-build-an-enclave-os-nginx-application.md)
- [Workflow Applications Using Fortanix EDP](/workflow-applications-using-fortanix-edp.md)