v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 6 Elasticsearch domains should have at least three data nodes

Description

This control checks whether Elasticsearch domains are configured with at least three data nodes and zoneAwarenessEnabled is true.

An Elasticsearch domain requires at least three data nodes for high availability and fault-tolerance. Deploying an Elasticsearch domain with at least three data nodes ensures cluster operations if a node fails.

Remediation

To modify the number of data nodes in an Amazon ES domain

  1. Open the Amazon Elasticsearch console.
  2. Under My domains, choose the name of the domain to edit.
  3. Choose Edit domain.
  4. Under Data nodes, set Number of nodes to a number greater than or equal to three. For three Availability Zone deployments, set to a multiple of three to ensure equal distribution across Availability Zones.
  5. Under Dedicated master nodes, set Instance type to the desired instance type.
  6. Choose Submit.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_es_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_es_6 --share

SQL

This control uses a named query:

es_domain_data_nodes_min_3

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = high_availability
foundational_security_item_id = es_6
plugin = aws
service = AWS/ES