Best practice rules for Amazon Elasticsearch Service
Amazon Elasticsearch Service is a managed service that makes it easy to deploy, operate, and scale Elasticsearch in the cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analytics.
Trend Micro Cloud One™ – Conformity monitors Amazon Elasticsearch Service with the following rules:
- AWS Elasticsearch Slow Logs
Ensure that the Slow Logs feature is enabled for your Amazon Elasticsearch (ES) clusters.
- ElasticSearch ClusterStatus
Ensure that Amazon ElasticSearch (ES) clusters are healthy (Green).
- ElasticSearch Domain Encrypted with KMS CMKs
Ensure AWS ElasticSearch domains are encrypted with KMS Customer Master Keys.
- ElasticSearch Free Storage Space
Identify AWS ElasticSearch clusters with low free storage space and scale them to optimize their performance.
- ElasticSearch Node To Node Encryption
Ensure node-to-node encryption is enabled for your Amazon ElasticSearch (ES) clusters.
- Elasticsearch Accessible Only From Safelisted IP Addresses
Ensure only safelisted IP addresses can access your Amazon Elasticsearch domains.
- Elasticsearch Cross Account Access
Ensure Amazon Elasticsearch clusters do not allow unknown cross account access.
- Elasticsearch Dedicated Master Enabled
Ensure Amazon Elasticsearch clusters are using dedicated master nodes to increase production environment stability.
- Elasticsearch Desired Instance Type
Ensure that all your Amazon Elasticsearch cluster instances are of the given instance types.
- Elasticsearch Domain Exposed
Ensure Amazon Elasticsearch Service (ES) domains are not exposed to everyone.
- Elasticsearch Domain In VPC
Ensure AWS Elasticsearch domains are accessible from a Virtual Private Cloud (VPC).
- Elasticsearch General Purpose SSD
Ensure Elasticsearch nodes are using General Purpose SSD storage instead of Provisioned IOPS SSD storage to optimize the service costs.
- Elasticsearch Instance Counts
Ensure there are fewer AWS Elasticsearch cluster instances in your AWS account than the provided limit.
- Elasticsearch Reserved Instance Lease Expiration In The Next 30 Days
Ensure Amazon Elasticsearch (ES) Reserved Instances are renewed before expiration.
- Elasticsearch Reserved Instance Lease Expiration In The Next 7 Days
Ensure Amazon Elasticsearch (ES) Reserved Instances are renewed before expiration.
- Elasticsearch Reserved Instance Payment Failed
Ensure AWS Elasticsearch Reserved Instance (RI) purchases have not failed.
- Elasticsearch Reserved Instance Payment Pending
Ensure AWS Elasticsearch Reserved Instance (RI) purchases are not pending.
- Elasticsearch Reserved Instance Recent Purchases
Ensure Elasticsearch Reserved Instance (RI) purchases are regularly reviewed (informational).
- Elasticsearch Version
Ensure that you always use the latest version of the Elasticsearch engine for your AWS Elasticsearch domains.
- Elasticsearch Zone Awareness Enabled
Ensure high availability for your Amazon Elasticsearch clusters by enabling the Zone Awareness feature.
- Encryption At Rest
Ensure at-rest encryption is enabled for your Amazon ElasticSearch domains.
- Idle Elasticsearch Clusters
Identify any idle AWS Elasticsearch clusters and delete them in order to optimize your AWS costs.