Ensure High Availability with At Least Three Data Nodes in Elasticsearch Domains
Verifies that Elasticsearch domains are configured with at least three data nodes to ensure high availability and fault tolerance.
| Rule | Elasticsearch domains should have at least three data nodes |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
Elasticsearch domains should have a minimum of three data nodes for AWS Foundational Security Best Practices. This ensures high availability and fault tolerance for the Elasticsearch cluster.
Troubleshooting Steps:
If the Elasticsearch domain does not have at least three data nodes, follow these steps to remediate:
- 1.Check the current configuration of the Elasticsearch domain to determine the number of data nodes.
- 2.Evaluate the available resources and consider adding additional data nodes if needed.
- 3.Update the configuration settings to allocate resources for at least three data nodes.
Necessary Codes:
If you need to update the configuration settings to add more data nodes, you can use the following code snippet:
PUT /_cluster/settings
{
"persistent": {
"discovery.zen.minimum_master_nodes": 2
}
}
Step-by-Step Guide for Remediation:
- 1.Log in to the AWS Management Console.
- 2.Navigate to the Elasticsearch service.
- 3.Select the Elasticsearch domain that needs to be updated.
- 4.Click on the "Modify" option to edit the domain configuration.
- 5.Locate the settings related to the number of data nodes and adjust the configuration to have at least three data nodes.
- 6.Save the changes and wait for the domain to be updated.
- 7.Verify that the Elasticsearch domain now has a minimum of three data nodes for improved security.
By ensuring that Elasticsearch domains have at least three data nodes, you adhere to AWS Foundational Security Best Practices and enhance the reliability of your Elasticsearch cluster.