Detections
Analytics

Ensure general purpose SSD node type is not used for AWS ElasticSearch Domains

HIGH

Description

Using SSDs other than general purpose may lead to surge in costs.

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Elasticsearch (ES) dashboard.
  2. Click on the ES domain.
  3. Open the cluster configuration page.
  4. In the storage section verify the EBS Volume type.

In Terraform -

  1. In the aws_elasticsearch_domain resource, configure the ebs_options.volume_type appropriately.

References:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-configuration-changes.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#ebs_options

Policy Details

Rule Reference ID: AC_AWS_0108
CSP: AWS
Remediation Available: Yes
Domain: Compliance Validation
Resource: aws_elasticsearch_domain
Resource Category: Analytics
Resource Type: ElasticSearch Service

Frameworks