Ensure that your Amazon OpenSearch clusters are using dedicated master nodes to improve their environmental stability by offloading all the management tasks from the cluster data nodes.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Using Amazon OpenSearch dedicated master nodes to separate management tasks from index and search requests improves the clusters' ability to handle different types of workload and makes them more resilient in production.
Note: Ensure that you allocate at least 3 dedicated master nodes for each OpenSearch cluster (domain) running in production. The default value for the number of master nodes is set to 3 but this value can be adjusted in the rule settings on the Trend Micro Cloud One™ – Conformity account console.
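The check described in the note above can be evaluated against the JSON returned by `aws es describe-elasticsearch-domain`. The following is an added example, not Conformity's own code: the sample responses are constructed, and the function names and the `min_masters` parameter are hypothetical.

```python
import json

# Constructed sample data shaped like `aws es describe-elasticsearch-domain` output.
SAMPLE_RESPONSES = [
    '{"DomainStatus": {"DomainName": "logs-prod", "ElasticsearchClusterConfig": '
    '{"InstanceCount": 6, "DedicatedMasterEnabled": true, "DedicatedMasterCount": 3}}}',
    '{"DomainStatus": {"DomainName": "search-dev", "ElasticsearchClusterConfig": '
    '{"InstanceCount": 2, "DedicatedMasterEnabled": false}}}',
    '{"DomainStatus": {"DomainName": "metrics", "ClusterConfig": '
    '{"InstanceCount": 4, "DedicatedMasterEnabled": true, "DedicatedMasterCount": 2}}}',
]


def audit_domain(response, min_masters=3):
    """Return (domain_name, compliant, reason) for one describe response."""
    status = response.get("DomainStatus", {})
    name = status.get("DomainName", "<unknown>")
    # The `es` API nests these settings under ElasticsearchClusterConfig,
    # the newer `opensearch` API under ClusterConfig; accept either.
    cfg = status.get("ElasticsearchClusterConfig") or status.get("ClusterConfig")
    if cfg is None:
        return name, False, "no cluster configuration in response"
    if not cfg.get("DedicatedMasterEnabled", False):
        return name, False, "dedicated master nodes are disabled"
    # Treat a missing DedicatedMasterCount as zero rather than failing open.
    count = cfg.get("DedicatedMasterCount", 0)
    if count < min_masters:
        return name, False, f"{count} dedicated master node(s), need at least {min_masters}"
    return name, True, f"{count} dedicated master nodes"


def audit_all(raw_responses, min_masters=3):
    """Parse each raw JSON response and audit it against the threshold."""
    return [audit_domain(json.loads(raw), min_masters) for raw in raw_responses]


if __name__ == "__main__":
    for name, ok, reason in audit_all(SAMPLE_RESPONSES):
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

The `min_masters` argument mirrors the adjustable threshold mentioned in the note; the default of 3 matches the rule's default.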
Audit
To determine if your Amazon OpenSearch clusters are using dedicated master nodes, perform the following operations:
Remediation / Resolution
To enable dedicated master nodes for your Amazon OpenSearch clusters (domains), perform the following operations:
You are auditing:
OpenSearch Dedicated Master Enabled
Risk Level: Medium