Ensure AWS Elasticsearch domain uses an updated TLS policy

Error: AWS Elasticsearch domain does not use an updated TLS policy

Bridgecrew Policy ID: BC_AWS_GENERAL_151
Checkov Check ID: CKV_AWS_228
Severity: LOW

Description

The Transport Layer Security (TLS) protocol secures data in transit between servers and web browsers over the Internet using standard encryption technology. To follow security best practices and the latest PCI compliance standards, enable the latest version of the TLS protocol (i.e. TLS 1.2) for all your AWS Elasticsearch domains. In Terraform, this is set with the tls_security_policy argument of the domain_endpoint_options block.

Fix - Runtime

Fix - Buildtime

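resource "aws_elasticsearch_domain" "pass" {
  domain_name = "pass"

  domain_endpoint_options {
    # The TLS policy only governs HTTPS connections, so require HTTPS as well.
    enforce_https       = true
    # Minimum TLS 1.2. This is the argument the check evaluates.
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  cluster_config {
    instance_count = 2
  }

  # Not evaluated by this check.
  encrypt_at_rest {
    enabled = false
  }

  # Not evaluated by this check.
  node_to_node_encryption {
    enabled = false
  }
}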
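
The same rule can be applied to a Terraform plan before it is applied. The script below is an added example, not Bridgecrew's or Checkov's own code: it reads the JSON produced by `terraform show -json` and reports every aws_elasticsearch_domain whose tls_security_policy is missing or not on the accepted list, and goes one step beyond this check by also reporting domains that do not enforce HTTPS. The function name, the allowlist and the sample plan are assumptions constructed for illustration.

```python
import json
import sys

# Assumption: only the policy value named on this page is accepted; extend as needed.
ACCEPTED_TLS_POLICIES = {"Policy-Min-TLS-1-2-2019-07"}

def audit_plan(plan):
    """Return (address, finding) pairs for aws_elasticsearch_domain resources."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_elasticsearch_domain":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing to evaluate
            continue
        # Nested blocks appear in plan JSON as a list of objects; an absent
        # block is treated as "no policy set" and reported.
        opts = (after.get("domain_endpoint_options") or [{}])[0]
        policy = opts.get("tls_security_policy")
        if policy not in ACCEPTED_TLS_POLICIES:
            findings.append((rc["address"], f"tls_security_policy is {policy!r}"))
        if opts.get("enforce_https") is not True:
            findings.append((rc["address"], "enforce_https is not true"))
    return findings

def _domain(name, after):
    # Helper that builds one constructed resource_changes entry.
    return {"address": f"aws_elasticsearch_domain.{name}",
            "type": "aws_elasticsearch_domain", "change": {"after": after}}

# Constructed sample, shaped like `terraform show -json` output (not real data).
SAMPLE_PLAN = {"resource_changes": [
    _domain("legacy", {"domain_endpoint_options": [
        {"enforce_https": True, "tls_security_policy": "Policy-Min-TLS-1-0-2019-07"}]}),
    _domain("unset", {"domain_endpoint_options": []}),
    _domain("ok", {"domain_endpoint_options": [
        {"enforce_https": True, "tls_security_policy": "Policy-Min-TLS-1-2-2019-07"}]}),
    _domain("removed", None),
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "change": {"after": {}}},
]}

if __name__ == "__main__":
    # Pass a plan file produced by `terraform show -json tfplan`, or use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, finding in audit_plan(plan):
        print(f"{address}: {finding}")
```

A non-empty result can be used to fail a CI job before the plan reaches apply.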