Ensure that your AWS Elasticsearch clusters have slow log publishing to AWS CloudWatch Logs enabled. This feature publishes slow logs from the indexing and search operations performed on your ES clusters, giving you full insight into the performance of these operations.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Once enabled, Elasticsearch slow logs can help you identify performance issues caused by specific queries or due to changes in cluster usage. Then you can use this information to optimize your queries or your index configuration to address the problem.
Note: If enabled, standard Amazon CloudWatch pricing applies.
To determine if your AWS ES clusters publish slow logs (search and index slow logs) to AWS CloudWatch, perform the following:
Remediation / Resolution
To enable Elasticsearch Slow Logs publishing to AWS CloudWatch Logs, perform the following:
You are auditing:
AWS Elasticsearch Slow Logs
Risk level: Medium