Data protection

Elasticsearch domain does not require TLS 1.2 encryption

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Amazon OpenSearch Service (Amazon Elasticsearch Service successor) is a managed service that simplifies the deployment, operation, and scaling of OpenSearch clusters in AWS Cloud. It was found that the Elasticsearch domain {AwsElasticSearch} does not accept only secured HTTPS connection or TLS version 1.2. Allowing only HTTPS connections can help against attacks such as person-in-the-middle, eavesdrop or manipulating network traffic. TLS 1.2 also contains enhancements over previous TLS versions.

  • Recommended Mitigation

    It is recommended to allow only encrypted HTTPS connections and set 'TLSSecurityPolicy' to Policy-Min-TLS-1-2-2019-07 at the Elasticsearch domain {AwsElasticSearch}.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.