Ensure AWS Cloudsearch uses HTTPS

Error: AWS Cloudsearch does not use HTTPS

Bridgecrew Policy ID: BC_AWS_GENERAL_119
Checkov Check ID: CKV_AWS_220
Severity: LOW

AWS Cloudsearch does not use HTTPS

Description

CloudSearch is a managed search service for your web service. CloudSearch Domains allow you to enforce that requests come over HTTPS, encrypting those requests.

Fix - Runtime

  1. In the AWS Console, go to CloudSearch.
  2. Select the domain you wish to edit.
  3. Under Domain configuration, next to HTTPS options, select Edit.
  4. Enable Toggle HTTPS options.
  5. Select Submit.

Fix - Buildtime

Terraform

resource "aws_cloudsearch_domain" "example" {
...
+   endpoint_options {
+     enforce_https = true
+   }
...
}