AWS Elasticsearch Best Practices

Best practice rules for Amazon Elasticsearch Service

Amazon Elasticsearch Service is a managed service, easy to deploy, operate, and scale Elasticsearch in the Cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.

Cloud Conformity monitors Amazon Elasticsearch Service following the following rules:

AWS Elasticsearch Slow Logs
Ensure that Slow Logs feature is enabled for your Amazon Elasticsearch (ES) clusters.
ElasticSearch ClusterStatus
Ensure that Amazon ElasticSearch (ES) clusters are healthy (Green).
ElasticSearch Domain Encrypted with KMS CMKs
Ensure AWS ElasticSearch domains are encrypted with KMS Customer Master Keys.
ElasticSearch Free Storage Space
Identify AWS ElasticSearch clusters with low free storage space and scale them to optimize their performance.
ElasticSearch Node To Node Encryption
Ensure node-to-node encryption is enabled for your Amazon ElasticSearch (ES) clusters.
Elasticsearch Accessible Only From Whitelisted IP Addresses
Ensure only whitelisted IP addresses can access your Amazon Elasticsearch domains.
Elasticsearch Cross Account Access
Ensure Amazon Elasticsearch clusters do not allow unknown cross account access.
Elasticsearch Dedicated Master Enabled
Ensure Amazon Elasticsearch clusters are using dedicated master nodes to increase the production environment stability.
Elasticsearch Desired Instance Type
Ensure that all your Amazon Elasticsearch cluster instances are of given instance types.
Elasticsearch Domain Exposed
Ensure Amazon Elasticsearch Service (ES) domains are not exposed to everyone.
Elasticsearch Domain In VPC
Ensure AWS Elasticsearch domains are accessible from a Virtual Private Cloud (VPC).
Elasticsearch General Purpose SSD
Ensure Elasticsearch nodes are using General Purpose SSD storage instead of Provisioned IOPS SSD storage to optimize the service costs.
Elasticsearch Instance Counts
Ensure fewer AWS Elasticsearch cluster instances than provided limit in your AWS account.
Elasticsearch Reserved Instance Lease Expiration In The Next 30 Days
Ensure Amazon Elasticsearch (ES) Reserved Instances are renewed before expiration.
Elasticsearch Reserved Instance Lease Expiration In The Next 7 Days
Ensure Amazon Elasticsearch (ES) Reserved Instances are renewed before expiration.
Elasticsearch Reserved Instance Payment Failed
Ensure AWS Elasticsearch Reserved Instance (RI) purchases have not failed.
Elasticsearch Reserved Instance Payment Pending
Ensure AWS Elasticsearch Reserved Instance (RI) purchases are not pending.
Elasticsearch Reserved Instance Recent Purchases
Ensure Elasticsearch Reserved Instance (RI) purchases are regularly reviewed (informational).
Elasticsearch Version
Ensure that you always use the latest version of Elasticsearch engine for your AWS Elasticsearch domains.
Elasticsearch Zone Awareness Enabled
Ensure high availability for your Amazon Elasticsearch clusters by enabling the Zone Awareness feature.
Encryption At Rest
Ensure at-rest encryption is enabled for your Amazon ElasticSearch domains.
Idle Elasticsearch Clusters
Identify any idle AWS Elasticsearch clusters and delete them in order to optimize your AWS costs.