Medium

Ensure Zone Awareness is enabled for OpenSearch clusters

Availability
Description

Enabling Zone Awareness in OpenSearch can enhance fault tolerance by distributing the data nodes of your OpenSearch cluster across two Availability Zones within the same AWS region.

Note 1: The Zone Awareness feature in Amazon OpenSearch requires an even number of instances in the cluster configuration.

Note 2: After enabling OpenSearch cross-zone replication, data replication for the cluster must be performed using the OpenSearch API by creating replica shards.

To improve the availability of your OpenSearch clusters, it is recommended to enable AWS OpenSearch cross-zone replication (Zone Awareness). This feature allocates nodes and replicates data across two Availability Zones within the same region, thereby minimizing downtime and preventing data loss in the event of node or data center (AZ) failure.

Remediation

To ensure that OpenSearch Zone Awareness is enabled for your clusters, you can take the following remediation steps:

  1. Verify that your Amazon OpenSearch cluster has an even number of instances in its configuration.
  2. Enable OpenSearch cross-zone replication by creating a new Amazon OpenSearch cluster or modifying an existing cluster.
  3. Configure the OpenSearch domain to use multiple Availability Zones within the same AWS region. You can select the desired Availability Zones when creating or modifying the domain.
  4. Create replica shards using the OpenSearch API to replicate data across the Availability Zones.
  5. Monitor the performance and availability of the OpenSearch cluster to ensure that it is functioning as expected.

By following these remediation steps, you can ensure that OpenSearch Zone Awareness is enabled for your clusters, thereby improving their fault tolerance and availability. This can help prevent data loss and minimize downtime in the event of node or data center (AZ) failure.
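
One way to check steps 1 to 4 against a domain, as an added example (not Lightlytics or AWS code). The dictionaries are constructed samples that mirror the shape of the AWS DescribeDomain response and of the OpenSearch GET /_settings response; the function name and domain names are hypothetical.

```python
def audit_zone_awareness(domain_status, index_settings):
    """Return a list of findings; an empty list means every check passed."""
    name = domain_status.get("DomainName", "<unknown>")
    cfg = domain_status.get("ClusterConfig", {})
    findings = []

    # Steps 2-3: nodes must be spread across Availability Zones.
    if not cfg.get("ZoneAwarenessEnabled", False):
        findings.append(f"{name}: Zone Awareness is disabled")

    # Step 1: the page requires an even number of instances.
    count = cfg.get("InstanceCount", 0)
    if count < 2 or count % 2:
        findings.append(f"{name}: instance count {count} is not a positive even number")

    # Step 4: without replica shards each shard exists in one AZ only.
    # The settings API returns number_of_replicas as a string; a missing
    # key is treated as the OpenSearch default of 1 (assumption).
    for index in sorted(index_settings):
        idx = index_settings[index]["settings"]["index"]
        if int(idx.get("number_of_replicas", "1")) < 1:
            findings.append(f"{name}/{index}: number_of_replicas is 0")
    return findings


# Constructed sample inputs (hypothetical domains, not real output).
COMPLIANT = {"DomainName": "logs-prod", "ClusterConfig": {
    "InstanceCount": 4, "ZoneAwarenessEnabled": True,
    "ZoneAwarenessConfig": {"AvailabilityZoneCount": 2}}}
NONCOMPLIANT = {"DomainName": "logs-dev", "ClusterConfig": {
    "InstanceCount": 3, "ZoneAwarenessEnabled": False}}
SETTINGS = {
    "app-logs": {"settings": {"index": {"number_of_replicas": "1"}}},
    "audit-logs": {"settings": {"index": {"number_of_replicas": "0"}}},
}

if __name__ == "__main__":
    for finding in audit_zone_awareness(NONCOMPLIANT, SETTINGS):
        print(finding)
```

The replica check matters even when Zone Awareness is enabled: a domain can pass the first two checks and still hold an index whose shards exist in a single Availability Zone.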

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.
