Elasticsearch Clusters Should Have Dedicated Master Enabled

More Info:

Your AWS Elasticsearch Service (ES) clusters should be using dedicated master nodes to improve their environmental stability by offloading all the management tasks from the cluster data nodes.

Risk Level

Low

Address

Reliability, Security

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the Elasticsearch cluster misconfiguration in AWS using AWS CLI, follow these steps:

Open the AWS CLI on your local computer or EC2 instance.
Get the Elasticsearch domain name using the following command:

aws es list-domain-names

Get the Elasticsearch cluster configuration using the following command:

aws es describe-elasticsearch-domain --domain-name <your_domain_name>

Check if the Dedicated Master is enabled or not. If it is not enabled, you will see “false” in the output of the above command.
To enable the Dedicated Master, use the following command:

aws es update-elasticsearch-domain-config --domain-name <your_domain_name> --elasticsearch-cluster-config '{"DedicatedMasterEnabled":true,"ZoneAwarenessEnabled":true,"DedicatedMasterCount":3,"InstanceType":"m4.large.elasticsearch","ZoneAwarenessConfig":{"AvailabilityZoneCount":2}}'

Wait for a few minutes for the changes to take effect.
Verify the configuration by running the same command as step 3.
Check if the Dedicated Master is enabled or not. If it is enabled, you will see “true” in the output of the above command.

By following these steps, you can remediate the Elasticsearch cluster misconfiguration of not having Dedicated Master enabled in AWS using AWS CLI.

Using Python

To remediate the Elasticsearch cluster misconfiguration for AWS using Python, follow these steps:

Install the AWS SDK for Python (Boto3) using the following command:

pip install boto3

Create an AWS Elastic Cloud Compute (EC2) instance and install Elasticsearch on it. You can use the following code to create an EC2 instance:

import boto3

ec2 = boto3.resource('ec2', region_name='your_region')

instance = ec2.create_instances(
    ImageId='your_ami_id',
    InstanceType='your_instance_type',
    KeyName='your_key_pair_name',
    MinCount=1,
    MaxCount=1
)

Install the Elasticsearch Python client using the following command:

pip install elasticsearch

Use the Elasticsearch Python client to enable dedicated master nodes for the Elasticsearch cluster. You can use the following code:

from elasticsearch import Elasticsearch

es = Elasticsearch([
    {'host': 'your_elasticsearch_host', 'port': 'your_elasticsearch_port'}
])

# Enable dedicated master nodes
es.cluster.put_settings(body={
    "persistent": {
        "discovery": {
            "zen": {
                "minimum_master_nodes": 2
            }
        }
    }
})

Verify that dedicated master nodes have been enabled by checking the Elasticsearch cluster settings using the following code:

# Get Elasticsearch cluster settings
settings = es.cluster.get_settings()

# Check if dedicated master nodes are enabled
if settings['persistent']['discovery']['zen']['minimum_master_nodes'] == 2:
    print("Dedicated master nodes enabled")
else:
    print("Dedicated master nodes not enabled")

Delete the EC2 instance that you created in step 2 using the following code:

# Get EC2 instance ID
instance_id = instance[0].instance_id

# Terminate EC2 instance
ec2.instances.filter(InstanceIds=[instance_id]).terminate()

By following these steps, you can remediate the Elasticsearch cluster misconfiguration for AWS using Python.

Additional Reading:

https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-managedomains-dedicatedmasternodes.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Elasticsearch Clusters Should Have Dedicated Master Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: