Checks that disk encryption is enabled for elastic data nodes of Elasticsearch instances. Instances without elastic data nodes are evaluated as not applicable.
Risk level
The default risk level is Medium.
You can change the risk level based on your business requirements.
Detection logic
-
An Elasticsearch instance is compliant if disk encryption is enabled for its elastic data nodes. This rule does not apply to Elasticsearch instances that do not have elastic data nodes.
Rule details
|
Parameter |
Description |
|
Rule name |
Enable disk encryption for elastic data nodes of Elasticsearch instances |
|
Rule identifier |
|
|
Tag |
Elasticsearch |
|
Automatic remediation |
Not supported |
|
Rule trigger |
Configuration change |
|
Supported resource types |
ACS::Elasticsearch::Instance |
|
Input parameters |
None |
Remediation
To remediate a non-compliant resource, see ES instance node configurations.