Is Elastic Stretching the Truth in Its Spat With AWS Over Elasticsearch License?

The Elasticsearch and Kibana license change may have less to do with alleged abuse by AWS than Elastic's public statements would have you believe.

Christine Hall

February 1, 2021

6 Min Read
aws elasticsearch
AWS

Elastic's decision to switch the license on its popular search and analytic engine Elasticsearch from the open source Apache 2.0 license to the "fauxpen" Server Side Public License, announced in January, was a typical move for a company built on open source software. Included in the switch was Kibana, Elasticsearch's data visualization dashboard, and both will continue to also be available to paying customers under the proprietary Elastic License.

The controversy came beause Elastic claimed that its move was prompted by Amazon Web Services using Elastic's code in a SaaS offering on its cloud -- an increasingly familiar kind of accusation for the cloud giant. AWS's reaction -- to fork Elasticsearch and Kibana -- was the obvious next step.

The progression of companies starting out by marketing open source software and later switching to proprietary licensing has been around for about as long as the concept of open source, Simon Phipps, who spent nearly five years as president of the Open Source Initiative, which oversees approval of open source licenses, pointed out.

"I call it the 'rights ratchet business model,'" he told DCK, "where you start by letting open source create a market for you and acquire customers, and once you've got enough of them, you pivot and make it proprietary."

Like MongoDB and CockroachDB, which made similar moves, Elastic is painting itself as a little David with a slingshot fighting off the AWS Goliath. It claims the cloud giant has been unfairly taking advantage of Elastic by profiting from an Elasticsearch-as-a-service offering on AWS without compensating Elastic for use of its open source software.

"With the shift to SaaS as a delivery model, some cloud service providers have taken advantage of open source products by providing them as a service, without contributing back," Elastic's founder and CEO, Shay Banon, wrote in a blog announcing the change on January 14. "This diverts funds that would have been reinvested into the product, and hurts users and the community."

AWS's response was predictable. It announced on January 21, a week after Elastic's announcement, that it was forking both Elastic projects and would release them under the same Apache license under which they'd previously been covered.

"In order to ensure open source versions of both packages remain available and well supported, including in our own offerings, we are announcing today that AWS will step up to create and maintain a ALv2-licensed fork of open source Elasticsearch and Kibana," the company said in a blog.

This was the only logical next move for AWS, because under the "open but not open" SSPL license, it won't be able to offer Elasticsearch-as-a-service from future versions of the software on it's cloud.

The Tricky Nature of the Server Side Public License

The Server Side Public License was created in 2018 by another then open source company, MongoDB, to solve what was essentially the same problem. Like Elastic, Mongo claimed that AWS was offering its database as a service without compensating MongoDB. In this case, AWS said the software being used was its own, developed in-house using Mongo's APIs, which made it a drop-in replacement for MongoDB.

Similar to Elasticsearch, MongoDB was dual-licensed. It had a proprietary license, for paying customers, and an open source license, in this case the GNU AGPL 3, an OSI-approved license that was specifically designed to deal with the issue of open source software being used in SaaS environments.

Like the GPL (which is used to license the Linux operating system), the AGPL requires that any changes to the code are made available to upstream developers and that the source code is made available to the user. Unlike the GPL, which triggers these requirements only when the software is distributed, the AGPL also triggers them when the software is offered as SaaS.

The SSPL takes a more draconian approach, requiring the SaaS provider to provide to the public the source code for the entire software stack being used to make the covered software available as-a-Service, even if the supporting software is licensed from a third-party proprietary vendor, such as Microsoft or Oracle.

Phipps said the license appears to be designed to keep SaaS vendors from using open source software it covers.

"The only way that you can put a complete stack of SSPL software together is to pick every element in your stack so it's compatible with SSPL, and there are no software as a service vendors who've got that stack," he said. "It all sounds quite reasonable; it's just telling you that to be license-compliant you've got to use compatible licenses like the GPL does. In truth, it's been designed so that this class of user, the Software-as-a-Service providers, find it impossible in practical terms to comply with the license."

MongoDB initially submitted the SSPL to OSI for approval as an open source license, but eventually withdrew it when it became evident that the license was not likely to be approved in any form that would serve MongoDB's purpose, mainly because the license attempts to affect non-covered software.

Last June, another database vendor, Cockroach Labs, announced that it was changing CockroachDB's license from Apache License 2.0, the same license originally used by Elastic, to their own, open-like proprietary license, the Business Source License, which is free to use but forbids users from offering "a commercial version of CockroachDB as a service without buying a license."

AWS-as-a-Scapegoat

Like many others in the open source community, Phipps thinks that Elastic's AWS angle is a red herring, and that all three moves have really been made to force smaller regional cloud providers to have to purchase licenses for their own SaaS offerings based on their software.

"Second-tier cloud providers who are trying to service the market Amazon has created but in specific geographies like in the Far East are companies that haven't got the resources to have a team of 50 programmers to clone MongoDB," he said. "Those are the people who will probably freeload on cloud services. So all of these moves aren't aimed at, in my opinion, Amazon; they're aimed at monetizing the market."

"I find it a bit dishonest when I hear people saying that Amazon is stealing our treasures," he added. "First of all, it's open source and so you can't steal something that's been given away freely. Secondly, it isn't actually Amazon that they, their VCs, or their board [are] trying to monetize."

Phipps and others also don't believe that competition from AWS is driving these companies to the poor house. Elastic's revenue was up 43 percent in its most recent quarter, and its stock price more than doubled during the last 12 months.

Elastic will benefit from AWS's continued development of the code it's forked, because code from Apache-licensed products can be moved into SSPL projects. AWS, however, will not benefit from improvements made by Elastic to its SSPL-licensed software, since code cannot be moved from that license into Apache licensed projects.

About the Author

Christine Hall

Freelance author

Christine Hall has been a journalist since 1971. In 2001 she began writing a weekly consumer computer column and began covering IT full time in 2002, focusing on Linux and open source software. Since 2010 she's published and edited the website FOSS Force. Follow her on Twitter: @BrideOfLinux.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like