Ensure that your Amazon Elasticsearch (ES) clusters are using the latest version of the Elasticsearch engine in order to adhere to AWS best practices, receive the newest Elasticsearch features, benefit from better performance and security, and get the latest bug fixes. Elasticsearch is a full-text search engine based on Lucene. Amazon Elasticsearch (ES) is a managed service designed to help you deploy, operate, and scale Elasticsearch clusters within the AWS Cloud.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Running your AWS ES clusters with the latest version of the Elasticsearch engine gives you new features and enhancements, better performance, better memory management and resource utilization, and bug fixes and security patches for the engine. For example, upgrading your AWS Elasticsearch clusters (domains) to version 6.x will get you all the improvements that come with Elasticsearch 6 (better indexing performance, new data structures, instant aggregations, automatic parallel tasking of reindex, etc.) plus the ones added by AWS, such as support for newer instance types, a higher number of supported APIs that can give you finer control over your clusters, and an improved visualization engine (powered by Kibana 5).
Audit
To determine the current version of your Elasticsearch (ES) domains, perform the following:
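One way to script this check with the AWS CLI's `es list-domain-names` and `es describe-elasticsearch-domain` commands, as an added example that is not Conformity's own audit procedure. The function names, the script name and the target version passed on the command line are assumptions, and versions are assumed to be in `major.minor` form.

```sh
#!/bin/sh
# Added example: report Amazon ES domains whose engine version is below a target.
# Assumes versions have the "major.minor" form (for example 5.6 or 6.8).

# version_lt A B: succeed when version A is lower than version B.
version_lt() {
  if [ "$1" = "$2" ]; then return 1; fi
  lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n | head -n 1)
  [ "$lowest" = "$1" ]
}

# flag_outdated TARGET: read "<domain> <version>" lines on stdin and print
# the domains running an engine version lower than TARGET.
flag_outdated() {
  target=$1
  while read -r domain version; do
    [ -n "$domain" ] || continue
    if version_lt "$version" "$target"; then
      printf '%s\t%s\n' "$domain" "$version"
    fi
  done
}

# collect_versions REGION: print "<domain> <version>" for every ES domain in REGION.
collect_versions() {
  region=$1
  for domain in $(aws es list-domain-names --region "$region" \
      --query 'DomainNames[*].DomainName' --output text); do
    version=$(aws es describe-elasticsearch-domain --region "$region" \
      --domain-name "$domain" \
      --query 'DomainStatus.ElasticsearchVersion' --output text)
    printf '%s %s\n' "$domain" "$version"
  done
}

# Live run (needs AWS credentials): sh es-version-audit.sh <region> <target-version>
if [ "$#" -eq 2 ]; then
  collect_versions "$1" | flag_outdated "$2"
fi
```

Any domain printed by the script is running an engine version older than the target you supplied and is a candidate for the upgrade described under Remediation.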
Remediation / Resolution
To upgrade the Elasticsearch engine version for your AWS ES domain, you must unload the existing data from the cluster to Amazon S3 and then upload this data to a new AWS ES cluster created using the latest version of the Elasticsearch engine. To launch and configure a new Amazon Elasticsearch cluster (domain) with the latest search engine version, perform the following:
You are auditing:
Elasticsearch Version
Risk level: Medium