OpenSearch (Elasticsearch) domain does not require TLS 1.2 encryption

Data protection

OpenSearch (Elasticsearch) domain does not require TLS 1.2 encryption

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
Brazilian General Data Protection (LGPD)
CCPA
coppa
CPRA
GDPR
HITRUST
ISO/IEC 27001
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA

Description

Amazon OpenSearch Service (Amazon Elasticsearch Service successor) is a managed service that simplifies the deployment, operation, and scaling of OpenSearch clusters in AWS Cloud. It was found that the OpenSearch (Elasticsearch) domain {AwsElasticSearch} does not accept only secured HTTPS connection or TLS version 1.2. Allowing only HTTPS connections can help against attacks such as person-in-the-middle, eavesdrop or manipulating network traffic. TLS 1.2 also contains enhancements over previous TLS versions.

Recommended Mitigation

It is recommended to allow only encrypted HTTPS connections and set 'TLSSecurityPolicy' to Policy-Min-TLS-1-2-2019-07 at the OpenSearch (Elasticsearch) domain {AwsElasticSearch}.

OpenSearch (Elasticsearch) domain does not require TLS 1.2 encryption

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS