AWS Config Rule: Elasticsearch Logs to CloudWatch

ELASTICSEARCH_LOGS_TO_CLOUDWATCH

Ryan Ware

Last updated a year ago

Description: Checks if Elasticsearch domains are configured to send logs to Amazon CloudWatch Logs. The rule is COMPLIANT if a log is enabled for an Elasticsearch domain. This rule is NON_COMPLIANT if logging is not configured.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) Region


Note: The rule does not evaluate Amazon OpenSearch Service domains.

How to Resolve Manually

This Config rule checks whether an Elasticsearch domain is configured to send logs to the CloudWatch service. If logging is not configured for an Elasticsearch domain, the rule is marked as non-compliant.


To resolve this, first open the Amazon Elasticsearch Service in your AWS Console. Make sure to select the region where your Elasticsearch domain is located.

Once there, choose the domain you want to configure logging for and enable the desired CloudWatch logs from the Logs tab. Clicking the log type and then Enable lets you create the new log group and policy required to set up logging. Check the following picture for further reference:

Note that this rule will become compliant if any of the available log types is enabled.
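To check domains outside the console, the added example below (not StackZone's or AWS's own code) applies the logic this page describes: a domain passes if any log type is enabled. It assumes the `LogPublishingOptions` structure returned by boto3's `describe_elasticsearch_domain`; the sample domains, the account ID in the ARN and the function names are constructed for illustration.

```python
"""Added example: evaluate Elasticsearch log publishing as this page describes the rule."""

# Log types accepted by the Amazon Elasticsearch Service API.
LOG_TYPES = ("INDEX_SLOW_LOGS", "SEARCH_SLOW_LOGS", "ES_APPLICATION_LOGS", "AUDIT_LOGS")


def enabled_log_types(domain_status):
    """Return the log types that are enabled and point at a CloudWatch log group."""
    options = domain_status.get("LogPublishingOptions") or {}
    return sorted(
        log_type
        for log_type, cfg in options.items()
        if log_type in LOG_TYPES
        and cfg.get("Enabled") is True
        and cfg.get("CloudWatchLogsLogGroupArn")
    )


def evaluate(domain_status):
    """COMPLIANT if any log type is enabled, otherwise NON_COMPLIANT (per this page)."""
    return "COMPLIANT" if enabled_log_types(domain_status) else "NON_COMPLIANT"


def audit_region(region):
    """Evaluate every domain in one region. Needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the pure functions above run offline

    es = boto3.client("es", region_name=region)
    results = {}
    for entry in es.list_domain_names()["DomainNames"]:
        name = entry["DomainName"]
        status = es.describe_elasticsearch_domain(DomainName=name)["DomainStatus"]
        results[name] = (evaluate(status), enabled_log_types(status))
    return results


# Constructed sample data shaped like the DomainStatus from describe_elasticsearch_domain.
SAMPLE_ARN = "arn:aws:logs:eu-west-1:111122223333:log-group:/aws/es/example"  # placeholder
SAMPLES = {
    "no-logging": {"DomainName": "no-logging"},
    "disabled-only": {"LogPublishingOptions": {
        "SEARCH_SLOW_LOGS": {"CloudWatchLogsLogGroupArn": SAMPLE_ARN, "Enabled": False}}},
    "app-logs": {"LogPublishingOptions": {
        "ES_APPLICATION_LOGS": {"CloudWatchLogsLogGroupArn": SAMPLE_ARN, "Enabled": True},
        "INDEX_SLOW_LOGS": {"CloudWatchLogsLogGroupArn": SAMPLE_ARN, "Enabled": False}}},
}

if __name__ == "__main__":
    for name, status in SAMPLES.items():
        print(name, evaluate(status), enabled_log_types(status))
```

A log type that is listed but has `Enabled` set to false does not count, which is why the `disabled-only` sample is reported as non-compliant.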

