Ensure public access is disabled for AWS ElasticSearch Domains - aws_elasticsearch_domain_policy

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

AWS OpenSearch (formerly ElasticSearch) can be configured to use IAM policies, as with most other Amazon services. To learn more about configuring IAM policies for use with OpenSearch, see the AWS documentation in the references below.

In Terraform:

  1. In the aws_elasticsearch_domain resource, set the access_policies field with the IAM policy accordingly.
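The step above as a Terraform sketch, showing an open `access_policies` value beside a restricted one. This is an added example, not taken from the rule's own documentation; the domain names, region, account ID `111122223333`, role name and the choice of allowed actions are constructed placeholders, and treating a wildcard principal as the public case is an assumption about what the rule flags.

```hcl
# Constructed example: all names, the account ID and the role are placeholders.

# Open policy: any principal, no condition, so the domain accepts
# anonymous requests from anywhere.
resource "aws_elasticsearch_domain" "public" {
  domain_name           = "example-public"
  elasticsearch_version = "7.10"

  access_policies = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { AWS = "*" }
      Action    = "es:*"
      Resource  = "arn:aws:es:us-east-1:111122223333:domain/example-public/*"
    }]
  })
}

# Restricted policy: only one named IAM role may call the domain,
# and only with the HTTP methods it needs.
resource "aws_elasticsearch_domain" "restricted" {
  domain_name           = "example-restricted"
  elasticsearch_version = "7.10"

  access_policies = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { AWS = "arn:aws:iam::111122223333:role/example-search-client" }
      Action    = ["es:ESHttpGet", "es:ESHttpPost"]
      Resource  = "arn:aws:es:us-east-1:111122223333:domain/example-restricted/*"
    }]
  })
}
```

With an IAM principal in the policy, clients must sign their requests with credentials for that role; unsigned requests to the domain endpoint are rejected.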

References:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac-managed.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain

Policy Details

Rule Reference ID: AC_AWS_0118
CSP: AWS
Remediation Available: Yes
Resource Category: Analytics
Resource Type: ElasticSearch Service

Frameworks