Restrict Public Access to Elasticsearch Domains

Checks if Elasticsearch domains are configured within a VPC and not publicly accessible, enhancing security by reducing exposure to potential threats.

Rule: Elasticsearch domains should not be publicly accessible
Framework: AWS Foundational Security Best Practices
Severity: Critical

Rule Description:

Elasticsearch domains should not be publicly accessible to ensure AWS Foundational Security Best Practices are followed. Publicly accessible Elasticsearch domains increase the risk of unauthorized access, data breaches, and other security threats. By making sure that Elasticsearch domains are not publicly accessible, the security of the data stored within them is enhanced.

Troubleshooting Steps:

If the Elasticsearch domain is found to be publicly accessible, follow these steps:

  1. Check Current Access Policies: Review the current access policies of the Elasticsearch domain to determine the source of public accessibility.

  2. Update Security Groups: Modify the security group associated with the domain to restrict access only to trusted sources.

  3. Enable VPC Endpoints: If feasible, enable VPC endpoints to allow secure communication within the virtual private cloud.
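The check and the first troubleshooting step can be scripted. The following is an added example, not CloudDefense or AWS code: it audits a domain's DomainStatus object (the shape returned by `aws es describe-elasticsearch-domain`) for a missing VPC placement and for Allow statements open to any principal. The function names and the two sample domains are constructed for illustration.

```python
import json

def wildcard_principal(principal):
    """True if a statement's Principal matches anyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def open_statements(policy_json):
    """Allow statements with a wildcard principal and no Condition at all.
    Simplification (assumption): any Condition is treated as a restriction."""
    stmts = json.loads(policy_json or "{}").get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s for s in stmts
            if s.get("Effect") == "Allow"
            and wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]

def audit_domain(status):
    """Return a list of findings for one DomainStatus dict."""
    findings = []
    in_vpc = bool((status.get("VPCOptions") or {}).get("VPCId"))
    if not in_vpc:
        findings.append("public endpoint: domain is not placed in a VPC")
    scope = "reachable only inside the VPC" if in_vpc else "reachable from the internet"
    for s in open_statements(status.get("AccessPolicies")):
        findings.append(f"open access policy ({scope}): Sid={s.get('Sid', '<none>')}")
    return findings

# Constructed sample inputs; names, IDs and ARNs are placeholders.
PUBLIC_DOMAIN = {
    "DomainName": "example-public",
    "AccessPolicies": json.dumps({"Statement": [
        {"Sid": "AllowAll", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "es:*",
         "Resource": "arn:aws:es:us-east-1:111122223333:domain/example-public/*"}]}),
}
VPC_DOMAIN = {
    "DomainName": "example-vpc",
    "VPCOptions": {"VPCId": "vpc-0example", "SecurityGroupIds": ["sg-0example"]},
    "AccessPolicies": json.dumps({"Statement": {
        "Effect": "Allow", "Action": "es:ESHttp*",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
        "Resource": "arn:aws:es:us-east-1:111122223333:domain/example-vpc/*"}}),
}

if __name__ == "__main__":
    for d in (PUBLIC_DOMAIN, VPC_DOMAIN):
        print(d["DomainName"], audit_domain(d) or "OK")
```

To run it against a real domain, pass the `DomainStatus` object from the CLI's JSON output to `audit_domain`.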

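Necessary Commands:

If necessary, use the following AWS CLI command to update the access policy of the Elasticsearch domain. The --access-policies parameter expects the policy document itself as a JSON string, so use the file:// prefix to load it from a file:

aws es update-elasticsearch-domain-config --domain-name your-domain-name --access-policies file://your-access-policies-file.json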

Remediation Steps:

Follow these steps to ensure that the Elasticsearch domain is not publicly accessible:

  1. Access AWS Console: Log in to the AWS Management Console.

  2. Open Amazon Elasticsearch Service: Navigate to the Amazon Elasticsearch Service dashboard.

  3. Select the Elasticsearch Domain: Choose the Elasticsearch domain that needs to be secured.

  4. Update Access Policy:
     a. In the domain settings, locate the "Network & Security" section.
     b. Modify the access policy to restrict access to authorized users or resources only.

  5. Save Changes: Save the changes to apply the updated access policy.

By securing the Elasticsearch domain and ensuring that it is not publicly accessible, the overall security posture of the AWS infrastructure is improved, aligning with AWS Foundational Security Best Practices.
