Sends a report of AWS ElasticSearch domains which allows access to unauthorized cross users. Allowing untrustworthy cross account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission.
Sends a report if encryption at rest is not enabled for your AWS elasticSearch domains. Encryption of data at rest helps prevent unauthorized users from reading sensitive information available on your ES domains (clusters) and their storage systems.
Sends a report if your AWS elasticSearch cluster is using default AWS key instead of KMS Customer Master Keys (CMKs) for encryption. When you use your own KMS Customer Master Keys you have full control over who can use these keys to access the clusters data.
A failed AWS ES RI is an unsuccessful reservation that receives the "payment-failed" status during the purchasing process. Elasticsearch Reserved Instances can provide significant cost savings (up to 52% discount). However, to receive the discount benefit you need to make sure that all your AWS ES reservation purchases have been successfully completed.
Sends a report if your AWS elasticSearch domains are not running in VPC. AWS VPCs are for better flexibility and control over the clusters access and security. AWS Elasticsearch domains that reside within a VPC have an extra layer of security when compared to ES domains that use public endpoints.
A pending AWS Elasticsearch Reserved Instance is an incomplete reservation that receives the "payment-pending" status during the purchasing process due to issues with the payment method. Using Reserved Instances is one of the best cost optimization strategies when working with AWS Elasticsearch service. To fully receive the discount benefit, make sure that all your Elasticsearch reservation purchases have been fully processed.
Sends a report if node to node encryption is not enabled for your AWS elasticSearch domains. ElasticSearch node-to-node encryption capability provides the additional layer of security by implementing Transport Layer Security (TLS) for all communications between the nodes provisioned within the cluster.
By verifying your Elasticsearch Reserved Instance purchases on a regular basis you can detect and cancel any unwanted purchases placed accidentally or intentionally within your AWS account in order to avoid unexpected charges on your AWS bill.