Ensure AWS CloudSearch uses the latest Transport Layer Security (TLS)
Error: AWS CloudSearch does not use the latest Transport Layer Security (TLS)
Bridgecrew Policy ID: BC_AWS_GENERAL_135
Checkov Check ID: CKV_AWS_218
Severity: LOW
Description
The Transport Layer Security (TLS) protocol secures the transmission of data between servers and web browsers over the Internet using standard encryption technology. To follow security best practices and the latest PCI compliance standards, enable the latest version of the TLS protocol (i.e. TLS 1.2) for all your AWS CloudSearch domains.
Fix - Runtime
Fix - Buildtime
Terraform
resource "aws_cloudsearch_domain" "pass" {
  name = "example-domain"

  scaling_parameters {
    desired_instance_type = "search.medium"
  }

  index_field {
    name            = "headline"
    type            = "text"
    search          = true
    return          = true
    sort            = true
    highlight       = false
    analysis_scheme = "_en_default_"
  }

  index_field {
    name   = "price"
    type   = "double"
    search = true
    facet  = true
    return = true
    sort   = true
  }

  endpoint_options {
    # Require HTTPS so the minimum TLS policy below applies to every request;
    # with enforce_https = false the domain still accepts plain HTTP.
    enforce_https       = true
    # Minimum TLS version 1.2 for connections to the domain endpoint.
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }
}
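
The following is an added example, not Bridgecrew's or Checkov's own code. It audits the JSON form of a Terraform plan (the `planned_values` structure produced by `terraform show -json`) for `aws_cloudsearch_domain` resources that do not pin `tls_security_policy` to the value shown above. It also flags `enforce_https`, which goes beyond what this policy describes. The sample plan and its resource addresses are constructed for illustration.

```python
REQUIRED_POLICY = "Policy-Min-TLS-1-2-2019-07"  # policy named in the Terraform above

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_cloudsearch_tls(plan):
    """Return (address, reason) findings for aws_cloudsearch_domain resources."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_cloudsearch_domain":
            continue
        # Nested blocks are lists of objects in plan JSON; absent means unset.
        blocks = (res.get("values") or {}).get("endpoint_options") or [{}]
        opts = blocks[0]
        policy = opts.get("tls_security_policy")
        if policy is None:
            findings.append((res["address"], "tls_security_policy not set"))
        elif policy != REQUIRED_POLICY:
            findings.append((res["address"], f"tls_security_policy is {policy}"))
        if opts.get("enforce_https") is not True:
            findings.append((res["address"], "enforce_https is not true"))
    return findings

# Constructed sample plan (not real Terraform output); addresses are hypothetical.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_cloudsearch_domain.legacy", "type": "aws_cloudsearch_domain",
         "values": {"endpoint_options": [{"enforce_https": False,
                    "tls_security_policy": "Policy-Min-TLS-1-0-2019-07"}]}},
        {"address": "aws_cloudsearch_domain.unset", "type": "aws_cloudsearch_domain",
         "values": {"name": "unset-domain"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.search.aws_cloudsearch_domain.pass",
         "type": "aws_cloudsearch_domain",
         "values": {"endpoint_options": [{"enforce_https": True,
                    "tls_security_policy": REQUIRED_POLICY}]}},
    ]}],
}}}

if __name__ == "__main__":
    for address, reason in audit_cloudsearch_tls(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

To audit a real plan, load the output of `terraform show -json` with `json.load` and pass the resulting dictionary to `audit_cloudsearch_tls`.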