Sends a report of Elastic Search domains if the total number of instances reach the threshold limit(10). Monitoring and configuring limits for the maximum number of Elasticsearch (ES) instances provisioned within your AWS account will help you to manage better your Elasticsearch compute resources.
Setting limits for the type of AWS ElasticSearch instances will help you address internal compliance requirements and prevent unexpected charges on your AWS bill. Ensure that your existing AWS instances and dedicated master have the desired type established by your organization based on the caching workload required.
Sends a report of AWS ElasticSearch domains which allows access to unauthorized cross users. Allowing untrustworthy cross account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission.
Sends a report if encryption at rest is not enabled for your AWS elasticSearch domains. Encryption of data at rest helps prevent unauthorized users from reading sensitive information available on your ES domains (clusters) and their storage systems.
Sends a report if your AWS elasticSearch cluster is using default AWS key instead of KMS Customer Master Keys (CMKs) for encryption. When you use your own KMS Customer Master Keys you have full control over who can use these keys to access the clusters data.
Sends a report if your AWS elasticSearch domains are not running in VPC. AWS VPCs are for better flexibility and control over the clusters access and security. AWS Elasticsearch domains that reside within a VPC have an extra layer of security when compared to ES domains that use public endpoints.
A pending AWS Elasticsearch Reserved Instance is an incomplete reservation that receives the "payment-pending" status during the purchasing process due to issues with the payment method. Using Reserved Instances is one of the best cost optimization strategies when working with AWS Elasticsearch service. To fully receive the discount benefit, make sure that all your Elasticsearch reservation purchases have been fully processed.
Sends a report if node to node encryption is not enabled for your AWS elasticSearch domains. ElasticSearch node-to-node encryption capability provides the additional layer of security by implementing Transport Layer Security (TLS) for all communications between the nodes provisioned within the cluster.
By verifying your Elasticsearch Reserved Instance purchases on a regular basis you can detect and cancel any unwanted purchases placed accidentally or intentionally within your AWS account in order to avoid unexpected charges on your AWS bill.