Ensure AWS Elasticsearch domains have EnforceHTTPS enabled
Error: AWS Elasticsearch domains do not have EnforceHTTPS enabled
Bridgecrew Policy ID: BC_AWS_ELASTICSEARCH_6
Checkov Check ID: CKV_AWS_83
AWS Elasticsearch domains do not have EnforceHTTPS enabled
Amazon Elasticsearch Service (Amazon ES) allows you to build applications without setting up and maintaining your own search cluster on Amazon EC2. Amazon ES allows you to configure your domains to require that all traffic be submitted over HTTPS. This ensures communications between your clients and your domain are encrypted.
We recommend you also configure the minimum TLS version the domain accepts. This option is a useful additional security control to ensure your clients are not misconfigured.
Fix - Runtime
To change the policy using the AWS Console, follow these steps:
- Log in to the AWS Management Console at https://console.aws.amazon.com/.
- Open the Amazon Elasticsearch console.
- Open a domain.
- Select Actions > Modify encryptions.
- Select Require HTTPS for all traffic to the domain.
- Click Submit.
Fix - Buildtime
```yaml
Resources:
  Resource0:
    Type: 'AWS::Elasticsearch::Domain'
    Properties:
      ...
      DomainEndpointOptions:
+       EnforceHTTPS: True
```
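The buildtime rule above can be applied to a CloudFormation template before deployment. The following is an added example, not Bridgecrew or Checkov code: a minimal Python check over a template in JSON form. The sample template and its resource names are constructed, and reporting an `EnforceHTTPS` value set through an intrinsic function as `UNKNOWN` is a choice made for this example.

```python
import json

ES_TYPE = "AWS::Elasticsearch::Domain"
# Constructed sample template (JSON form of CloudFormation); all names are made up.
SAMPLE_TEMPLATE = json.dumps({
    "Parameters": {"ForceTls": {"Type": "String", "Default": "true"}},
    "Resources": {
        "GoodDomain": {"Type": ES_TYPE, "Properties": {
            "DomainEndpointOptions": {"EnforceHTTPS": True,
                                      "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07"}}},
        "StringDomain": {"Type": ES_TYPE, "Properties": {
            "DomainEndpointOptions": {"EnforceHTTPS": "true"}}},
        "MissingDomain": {"Type": ES_TYPE, "Properties": {}},
        "DisabledDomain": {"Type": ES_TYPE, "Properties": {
            "DomainEndpointOptions": {"EnforceHTTPS": False}}},
        "ParamDomain": {"Type": ES_TYPE, "Properties": {
            "DomainEndpointOptions": {"EnforceHTTPS": {"Ref": "ForceTls"}}}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    },
})


def classify(value):
    """Return PASS, FAIL or UNKNOWN for one EnforceHTTPS value."""
    if isinstance(value, bool):
        return "PASS" if value else "FAIL"
    if isinstance(value, str):
        # CloudFormation also accepts booleans written as strings.
        return "PASS" if value.strip().lower() == "true" else "FAIL"
    if isinstance(value, dict):
        return "UNKNOWN"  # intrinsic function (Ref, Fn::If, ...): not resolvable here
    return "FAIL"  # property absent (None) or of an unexpected type


def check_template(template_text):
    """Map each Elasticsearch domain's logical ID to its EnforceHTTPS verdict."""
    resources = json.loads(template_text).get("Resources") or {}
    results = {}
    for name, res in resources.items():
        if isinstance(res, dict) and res.get("Type") == ES_TYPE:
            options = (res.get("Properties") or {}).get("DomainEndpointOptions") or {}
            value = options.get("EnforceHTTPS") if isinstance(options, dict) else None
            results[name] = classify(value)
    return results


if __name__ == "__main__":
    for name, verdict in sorted(check_template(SAMPLE_TEMPLATE).items()):
        print(f"{verdict:8}{name}")
```

A domain with no `DomainEndpointOptions` block fails the same way as one that sets `EnforceHTTPS` to false, since the setting must be enabled explicitly to pass this check.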