Ensure that AWS Elasticsearch (ES) cross-zone replication (Zone Awareness) is enabled to increase the availability of your ES clusters. Zone Awareness allocates the nodes and replicates the data across two Availability Zones (AZs) in the same region, which prevents data loss and minimizes downtime in the event of a node or data center (AZ) failure.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Enabling ES Zone Awareness promotes fault tolerance by distributing your Elasticsearch data nodes across two Availability Zones available in the same AWS region.
Note 1: To use the Zone Awareness feature, your Amazon ES clusters must have an even number of instances in their configuration.
Note 2: Once ES cross-zone replication is enabled, you must use the native Elasticsearch API to replicate the data for your clusters by creating replica shards.
To determine if the Zone Awareness feature is enabled for your Elasticsearch clusters, you need to perform the following:
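As an added example (not part of the original page or of the Cloud Conformity tool), the Python code below applies the Zone Awareness check together with Notes 1 and 2 to constructed samples of `aws es describe-elasticsearch-domain` output and Elasticsearch `GET /_settings` output. The domain names, index names and the helper functions `audit_domain` and `audit_all` are assumptions made for illustration.

```python
import json

# Constructed sample: the DomainStatus part of
# `aws es describe-elasticsearch-domain` responses (domain names are made up).
DOMAINS = json.loads("""
[
 {"DomainName": "logs-prod", "ElasticsearchClusterConfig":
   {"InstanceCount": 4, "ZoneAwarenessEnabled": true}},
 {"DomainName": "logs-dev", "ElasticsearchClusterConfig":
   {"InstanceCount": 3, "ZoneAwarenessEnabled": false}},
 {"DomainName": "search-stg", "ElasticsearchClusterConfig":
   {"InstanceCount": 2, "ZoneAwarenessEnabled": true}}
]
""")

# Constructed sample: per-domain output of Elasticsearch `GET /_settings`.
INDEX_SETTINGS = {
    "logs-prod": {"app-2019": {"settings": {"index": {"number_of_replicas": "1"}}}},
    "search-stg": {"catalog": {"settings": {"index": {"number_of_replicas": "0"}}}},
}

def audit_domain(status, index_settings=None):
    """Return a list of findings for one domain; an empty list means compliant."""
    cfg = status.get("ElasticsearchClusterConfig", {})
    findings = []
    if not cfg.get("ZoneAwarenessEnabled", False):
        findings.append("zone awareness disabled")
        # Note 1: the feature requires an even number of instances.
        count = cfg.get("InstanceCount", 0)
        if count % 2 != 0:
            findings.append("odd instance count (%d), resize before enabling" % count)
        return findings
    # Note 2: without replica shards the second AZ holds no copy of the data.
    for name, body in sorted((index_settings or {}).items()):
        if int(body["settings"]["index"]["number_of_replicas"]) < 1:
            findings.append("index %s has no replica shards" % name)
    return findings

def audit_all(domains, settings_by_domain):
    """Map each domain name to its list of findings."""
    return {d["DomainName"]: audit_domain(d, settings_by_domain.get(d["DomainName"]))
            for d in domains}

if __name__ == "__main__":
    for name, findings in audit_all(DOMAINS, INDEX_SETTINGS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```
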
Remediation / Resolution
To enable cross-zone replication for your Amazon Elasticsearch clusters, perform the following:
You are auditing:
Elasticsearch Zone Awareness Enabled
Risk level: Medium