Skip to main content

More Info:

Determine if the Elasticsearch (ES) instances provisioned in your AWS account have the desired instance type established by your organization based on the workload deployed.

Risk Level

Low

Address

Cost Optimisation, Security

Compliance Standards

CBP

Triage and Remediation

  • Remediation

Remediation

Using Console

Sure, here are the step by step instructions to remediate the Elasticsearch misconfiguration “Elasticsearch Should Use The Desired Instance Type” for AWS using the AWS console:
  1. Open the AWS Management Console and navigate to the Elasticsearch Service.
  2. Click on the Elasticsearch domain that you want to remediate.
  3. In the navigation pane, click on the “Elasticsearch Version” link.
  4. In the “Elasticsearch Version” page, click on the “Update” button.
  5. In the “Update Elasticsearch Version” page, select the desired Elasticsearch version and instance type.
  6. Click on the “Next” button.
  7. In the “Instance Configuration” page, select the number of instances and the instance type.
  8. Click on the “Next” button.
  9. In the “Review” page, review the changes and click on the “Submit” button to apply the changes.
Once you have completed these steps, the Elasticsearch instance will be updated to use the desired instance type.

To remediate the Elasticsearch instance type misconfiguration in AWS using AWS CLI, follow these steps:
  1. Open the AWS CLI and check the current Elasticsearch instance type by running the following command: 
    aws es describe-elasticsearch-domain --domain-name <your-domain-name> --output json
  2. The output will show the current Elasticsearch instance type. Note down the instance type and determine the desired instance type.
  3. Modify the Elasticsearch instance type by running the following command: 
    aws es update-elasticsearch-domain-config --domain-name <your-domain-name> --elasticsearch-cluster-config InstanceType=<desired-instance-type>
    Replace <your-domain-name> with the name of your Elasticsearch domain and <desired-instance-type> with the desired instance type.
  4. Wait for the Elasticsearch domain to update, which may take several minutes. You can check the status of the update by running the following command: 
    aws es describe-elasticsearch-domain --domain-name <your-domain-name> --output json
  5. Verify that the Elasticsearch instance type has been updated to the desired instance type.
That’s it! You have successfully remediated the Elasticsearch instance type misconfiguration in AWS using AWS CLI.
To remediate the Elasticsearch misconfiguration “Elasticsearch Should Use The Desired Instance Type” in AWS using Python, you can follow these steps:
  1. Define the desired instance type for Elasticsearch in your AWS account.
  2. Use the AWS SDK for Python (Boto3) to update the Elasticsearch domain’s instance type to the desired instance type.
Here is an example code snippet that you can use to update the Elasticsearch domain’s instance type to the desired instance type:
import boto3

# Define the desired Elasticsearch instance type
desired_instance_type = 'm5.large.elasticsearch'

# Connect to the Elasticsearch service using Boto3
es_client = boto3.client('es')

# Get the list of Elasticsearch domains in your AWS account
es_domains = es_client.list_domain_names()['DomainNames']

# Loop through each Elasticsearch domain and update its instance type to the desired instance type
for es_domain in es_domains:
    es_domain_name = es_domain['DomainName']
    es_domain_status = es_client.describe_elasticsearch_domain(DomainName=es_domain_name)['DomainStatus']
    current_instance_type = es_domain_status['ElasticsearchClusterConfig']['InstanceType']
    if current_instance_type != desired_instance_type:
        es_client.update_elasticsearch_domain_config(
            DomainName=es_domain_name,
            ElasticsearchClusterConfig={
                'InstanceType': desired_instance_type
            }
        )
        print(f"Updated Elasticsearch domain '{es_domain_name}' instance type from '{current_instance_type}' to '{desired_instance_type}'.")
    else:
        print(f"Elasticsearch domain '{es_domain_name}' instance type is already set to '{desired_instance_type}'.")
This code will loop through each Elasticsearch domain in your AWS account, check its current instance type, and update it to the desired instance type if it is not already set to that value. Note that you will need to have the appropriate AWS credentials configured to run this code.

Additional Reading:

I