AWS Elasticsearch Best Practices


Amazon Elasticsearch Service is a managed service that makes it easy to deploy, operate, and scale Elasticsearch in the cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analytics.

Cloud Conformity checks Amazon Elasticsearch Service according to the following rules:

AWS Elasticsearch Desired Instance Type
Ensure that all your Amazon Elasticsearch cluster instances are of the given instance types.

ElasticSearch Domain Encrypted with KMS CMKs
Ensure AWS ElasticSearch domains are encrypted with KMS Customer Master Keys.

AWS Elasticsearch Domain In VPC
Ensure AWS Elasticsearch domains are accessible from a Virtual Private Cloud (VPC).

Elasticsearch Unknown Cross Account Access
Ensure Amazon Elasticsearch clusters do not allow unknown cross account access.

AWS Elasticsearch Exposed Domains
Ensure Amazon Elasticsearch Service (ES) domains are not exposed to everyone.

Elasticsearch Domain IP-Based Access
Ensure only whitelisted IP addresses can access your Amazon Elasticsearch domains.

Idle Elasticsearch Clusters
Identify any idle AWS Elasticsearch clusters and delete them in order to optimize your AWS costs.

Enable Elasticsearch Dedicated Master Nodes
Ensure Amazon Elasticsearch clusters are using dedicated master nodes to increase production environment stability.

Elasticsearch General Purpose SSD Node Type
Ensure Elasticsearch nodes are using General Purpose SSD storage instead of Provisioned IOPS SSD storage to optimize the service costs.

Elasticsearch Version
Ensure that you always use the latest version of the Elasticsearch engine for your AWS Elasticsearch domains.

Enable Elasticsearch Zone Awareness
Ensure high availability for your Amazon Elasticsearch clusters by enabling the Zone Awareness feature.

Enable AWS ElasticSearch Encryption At Rest
Ensure at-rest encryption is enabled for your Amazon ElasticSearch domains.

AWS ElasticSearch Free Storage Space
Identify AWS ElasticSearch clusters with low free storage space and scale them to optimize their performance.

Total Number of Elasticsearch Instances
Ensure the number of AWS Elasticsearch cluster instances in your AWS account is lower than the provided limit.

Enable AWS ElasticSearch Node-to-Node Encryption
Ensure node-to-node encryption is enabled for your Amazon ElasticSearch (ES) clusters.

Elasticsearch Reserved Instance Lease Expiration In The Next 30 Days
Ensure Amazon Elasticsearch (ES) Reserved Instances are renewed before expiration.

Elasticsearch Reserved Instance Lease Expiration In The Next 7 Days
Ensure Amazon Elasticsearch (ES) Reserved Instances are renewed before expiration.

AWS Elasticsearch Reserved Instance Failed Purchases
Ensure AWS Elasticsearch Reserved Instance (RI) purchases have not failed.

AWS Elasticsearch Reserved Instance Pending Purchases
Ensure AWS Elasticsearch Reserved Instance (RI) purchases are not pending.

AWS Elasticsearch Reserved Instance Recent Purchases
Ensure Elasticsearch Reserved Instance (RI) purchases are regularly reviewed (informational).

Enable AWS Elasticsearch Slow Logs
Ensure that the Slow Logs feature is enabled for your Amazon Elasticsearch (ES) clusters.