In the domain's Overview page, check the Cluster health, which displays status indicators (green, yellow, red) for your domain. Monitoring this status helps ensure the cluster is operating optimally.
Performance Metrics:
Under the Monitoring tab, review metrics such as CPU utilization, Free storage space, JVMMemoryPressure, and Indexing/Query latency. These metrics provide insights into the cluster's operational state.
Logging:
In the Logs section, verify if Index slow logs, Search slow logs, and Error logs are enabled and sent to Amazon CloudWatch Logs. Proper logging supports operational excellence by helping you identify and troubleshoot performance issues.
Snapshots:
Select Snapshots to check if Automated snapshots are enabled for data recovery purposes. Snapshots provide an operational mechanism for disaster recovery.
In the Security section, review the Access policies to verify that the domain has the appropriate policies in place. Ensure that access to the domain is restricted to specific IP addresses, VPCs, or IAM roles following the principle of least privilege.
Encryption:
Under the Security section, check for Encryption at rest and Node-to-node encryption. Verify that Encryption at rest is enabled using AWS KMS and that Node-to-node encryption is enabled to protect data as it moves between nodes in the cluster.
Network Configuration:
In the Network section, verify that the domain is configured within a VPC. A VPC deployment ensures that the domain is isolated from the public internet, enhancing security.
Fine-Grained Access Control:
Review Fine-grained access control settings to check if Master user and Amazon Cognito authentication are enabled. Fine-grained access control allows you to specify access permissions at the index, document, and field level.
Under Cluster configuration, verify the Instance type and Instance count. Ensure that there are multiple nodes (data, master) to provide redundancy and prevent a single point of failure.
Multi-AZ Deployment:
Check if Zone Awareness is enabled in the Network section. Enabling zone awareness ensures that nodes are distributed across multiple Availability Zones, increasing fault tolerance.
Snapshots:
In the Snapshots section, verify if Automated snapshots are configured. Regular snapshots provide a recovery mechanism in case of failures, contributing to the reliability of your data.
Monitoring and Alarms:
Ensure that CloudWatch Alarms are set up for key metrics like CPU Utilization, JVMMemoryPressure, and Disk Usage. Proactive monitoring with alarms helps detect and address potential issues promptly.
In the Cluster configuration section, review the Instance types and EBS storage settings. Choose instance types and storage volumes that match your workload's needs without over-provisioning resources.
Auto-Tune:
Check if Auto-Tune is enabled in the Configuration section. Auto-Tune automatically adjusts cluster resources based on workload requirements, optimizing costs by using resources more efficiently.
Data Retention:
Review Index management settings to ensure that old or infrequently accessed data is appropriately archived or deleted. Reducing the number of active indexes can help lower storage costs.
Snapshots:
In the Snapshots section, configure automated snapshot retention policies to avoid retaining unnecessary snapshots. This practice helps manage storage costs by reducing the number of stored backups.
Under the Cluster configuration section, check the Instance type to ensure that it aligns with your workload's performance requirements. Select instances with appropriate memory and CPU configurations to handle indexing and querying efficiently.
Dedicated Master Nodes:
Verify if Dedicated master nodes are configured in the Cluster configuration. Dedicated master nodes offload cluster management tasks, helping maintain cluster performance, especially in large-scale deployments.
Shard Management:
In the Index management settings, review the number of Shards per index. Properly managing shards ensures that resources are used efficiently and that the cluster can scale as data volume increases.
Auto-Tune:
If Auto-Tune is enabled, it automatically monitors and optimizes cluster configurations based on usage patterns, helping maintain performance without manual intervention.
Network Configuration:
In the Network section, ensure that the domain is within a VPC and has the necessary subnets and security groups configured for optimal network performance.
Utilize CloudWatch (accessible via the Monitoring tab) to set up alarms and dashboards for critical metrics. Monitoring with CloudWatch helps maintain operational visibility and performance efficiency.
Log in to the AWS Management Console of securitytooling account.
AWS Config and Security Hub:
If AWS Config and Security Hub are enabled, review compliance findings related to OpenSearch Service to ensure configurations adhere to security and operational best practices.