Ensure AWS Elasticsearch does not use the default security group
Error: AWS Elasticsearch uses the default security group
Bridgecrew Policy ID: BC_AWS_NETWORKING_70
Checkov Check ID: CKV_AWS_248
Severity: LOW
AWS Elasticsearch uses the default security group
Description
Using the default security group for your Elasticsearch clusters can leave your clusters vulnerable to unauthorized access and other security threats. This is because the default security group has a number of inbound and outbound rules that allow traffic from any source, which can make it easier for attackers to gain access to your clusters.
By ensuring that AWS Elasticsearch does not use the default security group, you can help protect your clusters from unauthorized access and other security threats. Instead, you should create custom security groups that are tailored to your specific security needs, and use those for your Elasticsearch clusters. This can help you more effectively control access to your clusters and protect them from potential threats.
Buildtime - Fix
Terraform
resource "aws_elasticsearch_domain" "pass" {
domain_name = "example"
elasticsearch_version = "7.10"
cluster_config {
instance_type = "r4.large.elasticsearch"
}
vpc_options {
security_group_ids = ["sg_1234545"]
}
tags = {
Domain = "TestDomain"
}
}
Updated 9 months ago