Ensure that your AWS Elasticsearch Service (ES) clusters are using dedicated master nodes to improve their environmental stability by offloading all the management tasks from the cluster data nodes.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Using Elasticsearch dedicated master nodes to separate management tasks from index and search requests will improve the clusters ability to manage easily different types of workload and make them more resilient in production.
Note 1: Because ES dedicated master nodes do not process search and query requests nor hold any data, the node type chosen for this role typically does not require a large amount of CPU or RAM memory. Cloud Conformity recommends starting with the m3.medium.elasticsearch node type then adjust as necessary.
Note 2: Ensure you allocate at least 3 dedicated master nodes for each Elasticsearch domain (cluster) running in production. The default value for the number of master nodes is set to 3 but this value can be adjusted in the rule settings on the Cloud Conformity console.
To determine if your Elasticsearch clusters are using dedicated master nodes, perform the following:
Remediation / Resolution
To enable dedicated master nodes for your Amazon Elasticsearch clusters, perform the following:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Elasticsearch Dedicated Master Enabled
Risk level: Medium