Ensure Elasticsearch domains are not publicly accessible

Error: Elasticsearch domains are publicly accessible

Bridgecrew Policy ID: BC_AWS_PUBLIC_3
Severity: HIGH

Description

AWS Elasticsearch domains should not be publicly accessible from the internet. Restricting access protects the data they hold from unauthorized user access, data loss and possible leakage of sensitive data.

Fix - Runtime

AWS Console

To change the policy using the AWS Console, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Change the domain's access control policy and security groups to make the Elasticsearch endpoint private.
  3. Allow only a specific list of IP addresses.
  4. Once the Elasticsearch endpoint is no longer publicly accessible, Bridgecrew will automatically close the issue.
  5. You can request an exception from the policy violation details page.
  6. SecOps will review the request, involving DSO if required, and grant the exception; Bridgecrew will then automatically ignore this resource until the exception expires.
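
To confirm that steps 2 and 3 took effect, the domain's access policy can be checked for Allow statements that apply to any principal without a source-IP limit. The following is an added example, not Bridgecrew's own check logic; the function names, account ID, domain name and CIDR range are assumptions, and it recognizes only the IP-based restriction from step 3, so a wildcard statement limited some other way is still reported for review.

```python
import ipaddress

def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    """True when the statement applies to anyone: "*" or {"AWS": "*"}."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _restricted_by_source_ip(condition):
    """True when an IpAddress condition limits aws:SourceIp to specific ranges."""
    for operator, keys in (condition or {}).items():
        if operator.lower() != "ipaddress":
            continue
        for key, cidrs in keys.items():
            if key.lower() == "aws:sourceip":
                nets = [ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs)]
                # A /0 range matches every address, so it restricts nothing.
                return bool(nets) and all(n.prefixlen > 0 for n in nets)
    return False

def open_statements(policy):
    """Allow statements that grant access to anyone with no source-IP limit."""
    return [
        s for s in _as_list(policy.get("Statement", []))
        if s.get("Effect") == "Allow"
        and _wildcard_principal(s.get("Principal"))
        and not _restricted_by_source_ip(s.get("Condition"))
    ]

# Constructed sample policies; the account ID, domain name and CIDR are placeholders.
RESOURCE = "arn:aws:es:us-east-1:111122223333:domain/example-domain/*"
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "es:*", "Resource": RESOURCE}]}
RESTRICTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "es:*", "Resource": RESOURCE,
     "Condition": {"IpAddress": {"aws:SourceIp": ["192.0.2.0/24"]}}}]}

if __name__ == "__main__":
    for name, policy in (("public", PUBLIC_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, "open statements:", len(open_statements(policy)))
```

An empty result means every wildcard Allow statement is limited to specific source ranges; a statement whose only range is `0.0.0.0/0` is still reported as open.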