AWS Config Rule: OpenSearch Data Node Fault Tolerance

Description: Checks if Amazon OpenSearch Service domains are configured with at least three data nodes and zoneAwarenessEnabled is true. The rule is NON_COMPLIANT for an OpenSearch domain if 'instanceCount' is less than 3 or 'zoneAwarenessEnabled' is set to 'false'.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region

This Config Rule verifies that Amazon OpenSearch Service domains have at least three data nodes. Domains with less than three instances configured will be marked as non-compliant.

In order to resolve this, you need to head on over Amazon OpenSearch Service within the AWS Console.

Look for the Domain that is not compliant, click on its name and then click on the Actions menu and finally select Edit cluster configuration.

From the configuration screen, locate the Deployment option(s) card, that should be the first one in the list. If the cluster is configured as Domain without standby, you can choose to deploy in 3 AZs to make the rule compliant. The other option is to choose Domain with standby, that will configure the cluster with a minimum of 3 availability zones. This setting will depend on your organization needs.

After selecting the node standby type, locate the Data nodes card. There you will need to configure at least 3 data nodes for the cluster.

Notice that for this particular setup with 3 AZs, you will also need to also define 3 subnets to successfully apply the changes.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here