Enable disk encryption for cold data nodes of an Elasticsearch instance

更新时间:
复制 MD 格式

Checks whether disk encryption is enabled for cold data nodes of an Elasticsearch instance. Instances without cold data nodes are not evaluated by this rule.

Threat level

Default threat level: Medium.

You can change the risk level as needed.

Detection logic

  • An Elasticsearch instance is compliant if disk encryption is enabled for its cold data nodes. This rule does not apply to Elasticsearch instances that do not have cold data nodes.

Rule details

Parameter

Description

Rule name

Enable disk encryption for cold data nodes of an Elasticsearch instance

Rule identifier

elasticsearch-instance-enabled-warm-node-disk-encryption

Tag

Elasticsearch

Automatic remediation

Not supported

Rule trigger

Configuration changes

Supported resource types

ACS::Elasticsearch::Instance

Input parameters

None

Remediation

To remediate a non-compliant resource, see ES instance node configuration.