Ensure that your Amazon OpenSearch domains are using the latest version of OpenSearch engine in order to adhere to security best practices, receive the newest OpenSearch features, and benefit from better performance and security.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
efficiency
When your Amazon OpenSearch domains (clusters) are using the latest version of the OpenSearch engine, you benefit from new features and enhancements, better performance, better memory management and resource utilization, bug fixes and security patches.
Audit
To determine the OpenSearch engine version used for your Amazon OpenSearch domains, perform the following operations:
Remediation / Resolution
To upgrade the OpenSearch/ElasticSearch engine version for your Amazon OpenSearch domains to the latest(https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html#choosing-version
) compatible version, perform the following operations:
References
- AWS Documentation
- What is Amazon OpenSearch Service?
- Supported operations in Amazon OpenSearch Service
- Creating and managing Amazon OpenSearch Service domains
- Step 2: Upload data to Amazon OpenSearch Service for indexing
- AWS Command Line Interface (CLI) Documentation
- es
- list-domain-names
- describe-elasticsearch-domain
- upgrade-elasticsearch-domain
- AWS Blog(s)
- Category: Amazon Elasticsearch Service
- Elasticsearch 5 now available on Amazon Elasticsearch Service
- CloudFormation Documentation
- Amazon OpenSearch Service resource type reference
- Terraform Documentation
- AWS Provider