If the input parameter of this rule is set, checks whether the virtual private clouds (VPCs) associated with an Elasticsearch cluster fall within the VPC range that the parameter specifies. If the input parameter is left empty, checks whether the network type of the Elasticsearch cluster is set to VPC.
Scenarios
We recommend that you purchase an Elasticsearch cluster of the VPC network type to isolate the cluster's network and protect the security of your cloud network.
Risk level
Default risk level: medium.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If the input parameter is set and the VPCs associated with the Elasticsearch cluster fall within the VPC range specified by the input parameter, the evaluation result is compliant. If the input parameter is left empty but the network type of the Elasticsearch cluster is set to VPC, the evaluation result is compliant.
- If the input parameter is set but the VPCs associated with the Elasticsearch cluster fall outside the VPC range specified by the input parameter, the evaluation result is non-compliant. If the input parameter is left empty and the network type of the Elasticsearch cluster is set to the classic network, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
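The evaluation logic above, written out as an added example (not the rule's actual code) that can be run against an exported inventory before the rule is applied. The record keys `network_type` and `vpc_id`, the sample cluster and VPC IDs, and the treatment of a classic-network cluster as outside any `vpcIds` range are assumptions.

```python
from typing import Optional

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"


def parse_vpc_ids(raw: Optional[str]) -> set:
    """Split the comma-separated vpcIds value; empty or None means 'not set'."""
    if not raw:
        return set()
    # Tolerate stray whitespace and empty items such as "vpc-a, ,vpc-b".
    return {item.strip() for item in raw.split(",") if item.strip()}


def evaluate(cluster: dict, vpc_ids_param: Optional[str] = None) -> str:
    """Apply the rule's evaluation logic to one cluster record.

    `cluster` uses hypothetical keys: "network_type" ("vpc" or "classic")
    and "vpc_id" (None for classic-network clusters).
    """
    allowed = parse_vpc_ids(vpc_ids_param)
    if not allowed:
        # Parameter left empty: only the network type is checked.
        return COMPLIANT if cluster.get("network_type") == "vpc" else NON_COMPLIANT
    # Parameter set: the cluster's VPC must be in the allowed range.
    # Assumption: a cluster with no VPC (classic network) is outside any range.
    return COMPLIANT if cluster.get("vpc_id") in allowed else NON_COMPLIANT


# Constructed sample inventory (IDs are placeholders, not real resources).
SAMPLE_CLUSTERS = [
    {"id": "es-example-1", "network_type": "vpc", "vpc_id": "vpc-aaa111"},
    {"id": "es-example-2", "network_type": "vpc", "vpc_id": "vpc-bbb222"},
    {"id": "es-example-3", "network_type": "classic", "vpc_id": None},
]


def report(clusters, vpc_ids_param=None) -> dict:
    """Map each cluster ID to its evaluation result."""
    return {c["id"]: evaluate(c, vpc_ids_param) for c in clusters}


if __name__ == "__main__":
    for param in (None, "vpc-aaa111, vpc-ccc333"):
        print(f"vpcIds={param!r}")
        for cid, result in report(SAMPLE_CLUSTERS, param).items():
            print(f"  {cid}: {result}")
```

With `vpcIds` set, a cluster that sits in a VPC can still be non-compliant (`es-example-2` here), so an allow-list catches clusters deployed into an unapproved VPC, which the empty-parameter check cannot.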
Rule details
Item | Description |
---|---|
Rule name | elasticsearch-instance-in-vpc |
Rule ID | elasticsearch-instance-in-vpc |
Tag | Elasticsearch and VPC |
Automatic remediation | Not supported |
Trigger type | Configuration change |
Supported resource type | Elasticsearch cluster |
Input parameter | vpcIds. Note: Separate multiple parameter values with commas (,). |
Non-compliance remediation
Create an Elasticsearch cluster of the VPC network type. For more information, see Getting Started.