Ensure that the number of Amazon Elasticsearch cluster instances (including dedicated master instances) provisioned in your AWS account has not reached the limit quota established by your organization for the Elasticsearch workload deployed. By default, Cloud Conformity sets a threshold value of 10 for the maximum number of provisioned Elasticsearch instances, however, you have the ability to adjust this threshold based on your organization resources policy upon enabling this rule. Once you define your own threshold for the maximum number of Elasticsearch instances that you need to run across all AWS regions, Cloud Conformity engine will start to continuously scan your account for Elasticsearch cluster instances and when the number of instances reach the specified threshold you will get notified via communication channels configured within your Cloud Conformity account. If the Elasticsearch compute capacity limit quota defined for your AWS account is reached, you can raise an AWS support case where you can request to limit the number of provisioned Elasticsearch cluster instances.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Monitoring and configuring limits for the maximum number of Elasticsearch (ES) instances provisioned within your AWS account will help you to manage better your Elasticsearch compute resources, prevent unexpected charges on your AWS bill and act fast to mitigate attacks that can use Elasticsearch resources. For example, users within your organization can create more Elasticsearch instances than the number established in the company resources policy, exceeding the monthly budget allocated for cloud computing resources. Another example could be a misconfiguration in your CloudFormation templates that can lead to launching more cluster instances than required. Also, if your AWS account security is compromised and the attackers gain the capability to provision a large number of Elasticsearch instances in order to run their malicious data analytics tools, you risk to accrue a lot of AWS charges in a short period of time.
Note: The threshold for the maximum number of Elasticsearch cluster instances per AWS account set for this conformity rule is 10 (default value).
To determine the number of Amazon Elasticsearch instances (both data instances and dedicated master instances) currently available within your AWS account, perform the following:
Remediation / Resolution
To build an AWS support case to limit the number of provisioned Elasticsearch instances based on your requirements, perform the following actions:Note: Requesting a limit for the number of AWS Elasticsearch instances per region using the AWS API via Command Line Interface (CLI) is not currently supported.
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Elasticsearch Instance Counts
Risk level: Medium