An Elasticsearch instance is compliant if disk encryption is enabled for its elastic data nodes. This rule does not apply to Elasticsearch instances that do not have elastic data nodes.
Risk level
The default risk level is Medium.
You can change the risk level as needed.
Detection logic
An Elasticsearch instance is compliant if disk encryption is enabled for its elastic data nodes. This rule does not apply to Elasticsearch instances that do not have elastic data nodes.
Rule details
Parameter | Description |
Rule name | Enable disk encryption for elastic data nodes of Elasticsearch instances |
Rule identifier | |
Tag | Elasticsearch |
Automatic remediation | Not supported |
Rule trigger | Configuration change |
Supported resource types | ACS::Elasticsearch::Instance |
Input parameters | None |
Remediation
To remediate a resource that is not compliant with this rule, see ES instance node configurations.