Skip to main content

More Info:

Your Amazon Elasticsearch (ES) clusters should be using General Purpose SSD (gp2) data nodes instead of Provisioned IOPS SSD (io1) nodes for cost-effective storage that fits a broad range of workloads

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

CBP

Triage and Remediation

  • Remediation

Remediation

Using Console

To remediate the Elasticsearch misconfiguration in AWS using the AWS console, follow these steps:
  1. Log in to your AWS console.
  2. Navigate to the Elasticsearch service and select the Elasticsearch domain that is misconfigured.
  3. Click on the “Modify” button to modify the domain.
  4. In the “EBS Options” section, select “General Purpose SSD” as the volume type for your Elasticsearch domain.
  5. Click on the “Save Changes” button to save the changes to your Elasticsearch domain.
After completing these steps, your Elasticsearch domain will be using the recommended “General Purpose SSD” volume type. This will help optimize your Elasticsearch performance and ensure that it is running smoothly in your AWS environment.

To remediate the Elasticsearch misconfiguration “Elasticsearch should use General Purpose SSD” for AWS using AWS CLI, you can follow the below steps:
  1. Open the AWS CLI and run the following command to get the list of Elasticsearch domains in your AWS account: aws es list-domain-names
  2. Identify the Elasticsearch domain that needs to be remediated.
  3. Run the following command to update the Elasticsearch domain configuration to use General Purpose SSD: aws es update-elasticsearch-domain-config --domain-name <domain-name> --ebs-options EBSEnabled=true,VolumeType=gp2 Replace <domain-name> with the name of the Elasticsearch domain that needs to be remediated.
  4. Verify that the Elasticsearch domain configuration has been updated by running the following command: aws es describe-elasticsearch-domain --domain-name <domain-name> Replace <domain-name> with the name of the Elasticsearch domain that was remediated.
  5. Verify that the Elasticsearch domain is now using General Purpose SSD by checking the value of the EBSOptions.VolumeType parameter in the output of the above command. It should be set to gp2.
By following these steps, you can successfully remediate the Elasticsearch misconfiguration “Elasticsearch should use General Purpose SSD” for AWS using AWS CLI.
To remediate the Elasticsearch should use General Purpose SSD misconfiguration in AWS using Python, you can follow the below steps:
  1. Install the AWS SDK for Python (Boto3) using pip install boto3 command.
  2. Create an EC2 client using boto3.client(‘ec2’) method.
  3. Use the describe_volumes() method of the EC2 client to get the list of all the volumes in your AWS account.
  4. Loop through the list of volumes and check if the volume is attached to an Elasticsearch instance.
  5. If the volume is attached to an Elasticsearch instance, check the volume type.
  6. If the volume type is not “gp2” (General Purpose SSD), modify the volume type to “gp2” using the modify_volume() method of the EC2 client.
  7. Repeat steps 4-6 for all the Elasticsearch instances in your AWS account.
Here’s the Python code to remediate the Elasticsearch should use General Purpose SSD misconfiguration in AWS:
import boto3

# Create an EC2 client
ec2 = boto3.client('ec2')

# Get the list of all the volumes in your AWS account
volumes = ec2.describe_volumes()

# Loop through the list of volumes
for volume in volumes['Volumes']:
    # Check if the volume is attached to an Elasticsearch instance
    if 'Tags' in volume:
        for tag in volume['Tags']:
            if tag['Key'] == 'Name' and tag['Value'].startswith('elasticsearch-'):
                # Check the volume type
                if volume['VolumeType'] != 'gp2':
                    # Modify the volume type to "gp2"
                    ec2.modify_volume(VolumeId=volume['VolumeId'], VolumeType='gp2')
Note: This code assumes that your Elasticsearch instances are named with a prefix “elasticsearch-”. You can modify the code based on your naming convention.

Additional Reading:

I