How to Design HIPAA Compliant Solution Using ELK, AWS ECS & Cognito

AllCloud Blog: Cloud Insights and Innovation

HIPAA compliant and containerized, AllCloud was able to build a customized and secure HIPAA compliant solution atop AWS ECS (EC2 Container Service) that is both easy to manage and scalable.

The entire process started with our own deployment on a standard EC2. When we started to face difficulty setting up High Availability and automatic recovery, we decided to focus our attention on AWS ElasticSearch managed service, but it wasn’t HIPAA eligible so we needed to find a different solution.

AWS ECS was HIPAA eligible at that moment, we thought okay we should setup ELK (Elasticsearch, Logstash, and Kibana) on AWS ECS as it is a high-performance container orchestration service that allows you to easily run and scale containerized applications. With all of this, we will no longer need to install and operate a container orchestration software or manage and scale a cluster.

The following diagram and summary bullets present the solution we came up with.

  • One application Load Balancer to handle our traffic for ElasticSearch and Kibana (HTTPS)
  • Classic Load Balancer to handle Logstash traffic (TCP)
  • ECS Cluster to run our containers – Five ElasticSearch containers to ensure high availability.
  • One Kibana container for UI – set as replica services
  • One Logstash container – set as replica services
  • Curator is a scheduled task:
    • Cleanup runs every 5 days
    • Snapshots run on a daily basis
  • Application stack send logs to CloudWatch with 30 day retention period
  • Lambda backups app CloudWatch logs on S3 on a daily basis for longer retention
  • Logstash plugin for CloudWatch logs and Grok to parse different types of app logs (php, nodejs, nginx)
  • User AUTH to Kibana is made through OneLogin and GSuite using AWS Cognito.

Read more about how to build a secure and compliant cloud solution on AWS or contact us.