An Elasticsearch instance is considered compliant if disk encryption is enabled for its cold data nodes. This rule does not apply if an Elasticsearch instance does not have cold data nodes.
Threat level
Default threat level: Medium.
You can change the threat level as needed.
Detection logic
An Elasticsearch instance is compliant if disk encryption is enabled for its cold data nodes. This rule does not apply to Elasticsearch instances that do not have cold data nodes.
Rule details
| Parameter | Description |
| --- | --- |
| Rule name | Enable disk encryption for cold data nodes of an Elasticsearch instance |
| Rule identifier | |
| Tag | Elasticsearch |
| Automatic remediation | Not supported |
| Rule trigger | Configuration changes |
| Supported resource types | ACS::Elasticsearch::Instance |
| Input parameters | None |
Remediation
For instructions on how to remediate a non-compliant resource, see ES instance node configuration.