AWS Elasticsearch uses the default security group

Description

Using the default security group for your Elasticsearch clusters can leave your clusters vulnerable to unauthorized access and other security threats. This is because the default security group has a number of inbound and outbound rules that allow traffic from any source, which can make it easier for attackers to gain access to your clusters.

By ensuring that AWS Elasticsearch does not use the default security group, you can help protect your clusters from unauthorized access and other security threats. Instead, you should create custom security groups that are tailored to your specific security needs, and use those for your Elasticsearch clusters. This can help you more effectively control access to your clusters and protect them from potential threats.

Buildtime - Fix

Terraform

resource "aws_elasticsearch_domain" "pass" {
  domain_name           = "example"
  elasticsearch_version = "7.10"

  cluster_config {
    instance_type = "r4.large.elasticsearch"
  }

  vpc_options {
    security_group_ids = ["sg_1234545"]
  }

  tags = {
    Domain = "TestDomain"
  }
}