Skip to main content

More Info:

AWS ElasticSearch (ES) clusters should be healthy, i.e. they all have shard allocation status set to “Green”

Risk Level

Low

Address

Reliability

Compliance Standards

CBP

Triage and Remediation

  • Remediation

Remediation

Using Console

To remediate the ElasticSearch Cluster Status misconfiguration in AWS, follow these steps:
  1. Open the AWS Management Console and navigate to the ElasticSearch service.
  2. Select the ElasticSearch cluster that has the misconfiguration.
  3. Check the Cluster Health status in the Overview tab. If it is not green, then the cluster is not healthy.
  4. Click on the Index Management tab and check if all the indices are in the green state. If any index is not in the green state, then it needs to be remediated.
  5. Click on the Dev Tools tab and select the Console option.
  6. In the console, execute the following command to check the cluster health: 
GET _cluster/health
  1. If the cluster health is not green, then execute the following command to find out the reason for the misconfiguration:
GET _cluster/allocation/explain
  1. Based on the output of the above command, take the necessary steps to remediate the misconfiguration. For example, if there is not enough disk space, then add more disk space to the nodes in the cluster.
  2. Once the misconfiguration is remediated, check the cluster health again using the above commands to ensure that it is in the green state.
  3. Finally, monitor the cluster health regularly to ensure that it remains healthy.

To remediate ElasticSearch Cluster Status should be healthy for AWS using AWS CLI, follow these steps:
  1. Open the AWS CLI on your local machine or terminal.
  2. Run the following command to get the status of your ElasticSearch cluster: 
    aws es describe-elasticsearch-domain --domain-name <your-domain-name> --query 'DomainStatus.Health'
    Note: Replace <your-domain-name> with the name of your ElasticSearch domain.
  3. If the status is not “HEALTHY”, then check the error message by running the following command: 
    aws es describe-elasticsearch-domain --domain-name <your-domain-name> --query 'DomainStatus.ElasticsearchClusterConfig'
  4. Identify the misconfiguration that is causing the issue and rectify it based on the error message.
  5. After rectifying the misconfiguration, run the following command to update the ElasticSearch domain: 
    aws es update-elasticsearch-domain-config --domain-name <your-domain-name>
  6. Wait for a few minutes for the changes to take effect. Then, run the following command again to check the status of the ElasticSearch cluster: 
    aws es describe-elasticsearch-domain --domain-name <your-domain-name> --query 'DomainStatus.Health'
  7. If the status is “HEALTHY”, then the remediation is successful. If not, repeat steps 3-6 until the issue is resolved.
To remediate the ElasticSearch cluster status issue for AWS using Python, follow these steps:
  1. Install the boto3 library for AWS SDK for Python using the following command:
pip install boto3
  1. Configure your AWS credentials using the aws configure command or by setting the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
  2. Create an ElasticSearch client using the boto3.client method and specify the region where your ElasticSearch cluster is located: 
import boto3

es_client = boto3.client('es', region_name='us-west-2')
  1. Use the describe_elasticsearch_domains method to get the status of your ElasticSearch cluster:
response = es_client.describe_elasticsearch_domains(
    DomainNames=['my-elasticsearch-cluster']
)

status = response['DomainStatusList'][0]['ElasticsearchClusterStatus']
Note: Replace my-elasticsearch-cluster with the name of your ElasticSearch cluster.
  1. Check if the status is green, which indicates that the cluster is healthy. If the status is not green, then perform the necessary actions to remediate the issue. For example, you can increase the number of nodes in the cluster or allocate more resources to the nodes.
if status != 'green':
    # Perform necessary actions to remediate the issue
    # For example, increase the number of nodes in the cluster
    es_client.update_elasticsearch_domain_config(
        DomainName='my-elasticsearch-cluster',
        ElasticsearchClusterConfig={
            'InstanceType': 'm5.large.elasticsearch',
            'InstanceCount': 2
        }
    )
Note: Replace m5.large.elasticsearch with the desired instance type and 2 with the desired number of nodes.
  1. Verify that the status of the ElasticSearch cluster is now green by repeating steps 4 and 5.
response = es_client.describe_elasticsearch_domains(
    DomainNames=['my-elasticsearch-cluster']
)

status = response['DomainStatusList'][0]['ElasticsearchClusterStatus']

if status == 'green':
    print('ElasticSearch cluster is healthy')
else:
    print('ElasticSearch cluster is still not healthy')
Note: Replace my-elasticsearch-cluster with the name of your ElasticSearch cluster.

Additional Reading:

I