Checks whether disk encryption is enabled for cold data nodes of an Elasticsearch instance. Instances without cold data nodes are not evaluated by this rule.
Threat level
Default threat level: Medium.
You can change the risk level as needed.
Detection logic
-
An Elasticsearch instance is compliant if disk encryption is enabled for its cold data nodes. This rule does not apply to Elasticsearch instances that do not have cold data nodes.
Rule details
|
Parameter |
Description |
|
Rule name |
Enable disk encryption for cold data nodes of an Elasticsearch instance |
|
Rule identifier |
|
|
Tag |
Elasticsearch |
|
Automatic remediation |
Not supported |
|
Rule trigger |
Configuration changes |
|
Supported resource types |
ACS::Elasticsearch::Instance |
|
Input parameters |
None |
Remediation
To remediate a non-compliant resource, see ES instance node configuration.
该文章对您有帮助吗?