Detections
Analytics

Ensure latest version of elasticsearch engine is used for AWS ElasticSearch Domains

MEDIUM

Description

Using older version of elasticsearch engine for your AWS ElasticSearch domains goes against compliance.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the OpenSearch Console.
  2. Under Managed clusters in the navigation bar, select Domains.
  3. Choose the domain to edit, and under the Actions drop-down on the domain information page, select Upgrade.

In Terraform -

  1. In the aws_elasticsearch_domain resource, set the elasticsearch_version field to the most recent version.

References:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/version-migration.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain

Policy Details

Rule Reference ID: AC_AWS_0109
CSP: AWS
Remediation Available: Yes
Domain: Compliance Validation
Resource: aws_elasticsearch_domain
Resource Category: Analytics
Resource Type: ElasticSearch Service

Frameworks