Detections
Analytics

Ensure advanced security options are enabled for AWS ElasticSearch Domain

HIGH

Description

AWS ElasticSearch Domain has disabled advanced security options. This may lead to unauthorized access.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the OpenSearch Console.
  2. Under Managed clusters in the navigation bar, select Domains.
  3. Choose the domain to edit, and under the Actions drop-down, select Edit security configuration.
  4. Under Fine-grained access control, check the box for Enable fine-grained access control.
  5. Set the Master user configuration as needed.
  6. Select Save changes.

In Terraform -

  1. In the aws_elasticsearch_domain resource, set the advanced_security_options field enabled to true (Note: this forces a new resource).

References:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#advanced_security_options

Policy Details

Rule Reference ID: AC_AWS_0116
CSP: AWS
Remediation Available: Yes
Domain: Infrastructure Security
Resource: aws_elasticsearch_domain
Resource Category: Analytics
Resource Type: ElasticSearch Service

Frameworks