AWS and Cloudanix team co-authored this blog: Real-Time Threat and Anomaly Detection for Workloads on AWS

Cloudanix

AWS Elastic Search Audit

ElasticSearch domains should be encrypted with KMS. ElasticSearch domains should be encrypted to ensure data at rest is secured.

ElasticSearch Domains Should Be Encrypted

ElasticSearch domains should be encrypted with KMS. ElasticSearch domains should be encrypted to ensure data at rest is secured.

ElasticSearch Should Use HTTPS Only

ElasticSearch domains are configured to enforce HTTPS connections. ElasticSearch domains should be configured to enforce HTTPS connections for all clients to ensure encryption of data in transit.

ElasticSearch Should Have Logging Enabled

ElasticSearch domains should be configured to log data to CloudWatch. ElasticSearch domains should be configured with logging enabled with logs sent to CloudWatch for analysis and long-term storage.

ElasticSearch Domains Should Have Node To Node Encryption

ElasticSearch domain traffic should be encrypted in transit between nodes. ElasticSearch domains should use node-to-node encryption to ensure data in transit remains encrypted using TLS 1.2.

ElasticSearch Domains Should Be Launched With Private VPC Endpoints

ElasticSearch domains should be created with private VPC endpoint options. ElasticSearch domains can either be created with a public endpoint or with a VPC configuration that enables internal VPC communication. Domains should be created without a public endpoint to prevent potential public access to the domain.

ElasticSearch Domains Should Use The Latest Service Software

ElasticSearch domains should be running the latest service software. ElasticSearch domains should be configured to run the latest service software which often contains security updates.

ElasticSearch Cluster Status Should Be Healthy

AWS ElasticSearch (ES) clusters should be healthy, i.e. they all have shard allocation status set to "Green"

Elasticsearch Domain Should Be Encrypted with KMS CMKs

Your Amazon ElasticSearch (ES) domains should be encrypted with KMS Customer Master Keys (CMKs) instead of AWS managed-keys

Elasticsearch Should Have Free Storage Space

Scale up any Amazon ElasticSearch (ES) clusters that appear to run low on disk space to help mitigate any issues.

Elasticsearch Domains Should Be Accessible Only From Whitelisted IP Addresses

The access to your Elasticsearch Service (ES) domains should be made based on whitelisted IP addresses only in order to protect them against unauthorized access

Elasticsearch Domains Should Not Allow Cross Account Access

All your Elasticsearch Service (ES) clusters should be configured to allow access only to trusted AWS users and accounts in order to protect against unauthorized cross account access

Elasticsearch Clusters Should Have Dedicated Master Enabled

Your AWS Elasticsearch Service (ES) clusters should be using dedicated master nodes to improve their environmental stability by offloading all the management tasks from the cluster data nodes.

Elasticsearch Should Use The Desired Instance Type

Determine if the Elasticsearch (ES) instances provisioned in your AWS account have the desired instance type established by your organization based on the workload deployed.

Elasticsearch Domains Should Not Be Publicly Exposed

AWS Elasticsearch domains should not be publicly accessible their access policy should be updated in order to stop any unsigned requests made to these resources

Elasticsearch Should Use General Purpose SSD

Your Amazon Elasticsearch (ES) clusters should be using General Purpose SSD (gp2) data nodes instead of Provisioned IOPS SSD (io1) nodes for cost-effective storage that fits a broad range of workloads

Elasticsearch Instance Count

The number of Amazon Elasticsearch cluster instances provisioned in your AWS account should not have reached the limit quota established by your organization

Elasticsearch Reserved Instance Lease Expiration In The Next 30 Days

Your AWS Elasticsearch Reserved Instances (RIs) should be renewed before expiration in order to get a significant discount on the hourly charges.

Elasticsearch Reserved Instance Lease Expiration In The Next 7 Days

Your AWS Elasticsearch Reserved Instances (RIs) should be renewed before expiration in order to get a significant discount on the hourly charges.

Elasticsearch Reserved Instance Should Not Have Status - Payment Failed

Your AWS Account should not have any failed Amazon Elasticsearch (ES) Reserved Instances.

Elasticsearch Reserved Instance Should Not Have Status - Payment Pending

Identify any pending Amazon Elasticsearch (ES) Reserved Instances available in your AWS account and solve these incomplete ES reservations by requesting AWS Support to retry the necessary payments

Elasticsearch Reserved Instance Recent Purchases Should Be Reviewed

All active Amazon Elasticsearch (ES) Reserved Instance purchases should be reviewed every 7 days to make sure that no unwanted RI purchase has been placed recently.

Elasticsearch Should Have Zone Awareness Enabled

AWS Elasticsearch (ES) cross-zone replication (Zone Awareness) should be enabled to increase the availability of your ES clusters

Elasticsearch Clusters Should Not Be Idle

Amazon Elasticsearch (ES) clusters should not appear to be idle. Such idle clusters should be removed from your account to help lower the cost of your monthly AWS bill.

cta-image

Secure Every Layer of Your Cloud Stack with Cloudanix

Unify your security workflows with Cloudanix — one dashboard for misconfigurations, drift detection, CI/CD, and identity protection.

Get Started

CLOUDANIX

Insights from Cloudanix

Explore guides, checklists, and blogs that simplify cloud security and help you secure your infrastructure.