Loading controls...
Benchmark: Elasticsearch
Description
This section contains recommendations for configuring Elasticsearch resources.
Usage
Browse dashboards and select Elasticsearch:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.all_controls_esSnapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.benchmark.all_controls_esControls
- Elasticsearch domains should have audit logging enabled
- Elasticsearch domains should have cognito authentication enabled
- Elasticsearch domains should have at least three data nodes
- Elasticsearch domains should be configured with at least three dedicated master nodes
- Connections to Elasticsearch domains should be encrypted using TLS 1.2
- ES domain encryption at rest should be enabled
- Elasticsearch domain error logging to CloudWatch Logs should be enabled
- ES domains should be in a VPC
- Elasticsearch domains should have internal user database enabled
- Elasticsearch domain should send logs to CloudWatch
- Elasticsearch domain node-to-node encryption should be enabled