Network misconfigurations

Security group allows inbound access to TCP port 9200 or port 9300 (Elasticsearch)

Description

An AWS Security Group acts as a virtual firewall for your instances to control inbound and outbound traffic. We identified that the security group "{AwsEc2SecurityGroup}" ({AwsEc2SecurityGroup.GroupId}) is configured to allow inbound access to TCP port 9200 (Elasticsearch HTTP traffic) or port 9300 (Elasticsearch inter-node communication) from any IP address (0.0.0.0/0 or ::/0).

Recommended Mitigation

Ensure security groups in your account are configured to allow access to TCP ports 9200 and 9300 (Elasticsearch) from specific IP addresses only. More details can be found in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html
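
The check described above, written out as an added example (it is not part of the original finding or of any scanner's own code). It assumes the security group is supplied in the shape returned by EC2 DescribeSecurityGroups; the function names and the sample group are constructed for illustration. It goes slightly beyond an exact port match by also catching port ranges that contain 9200 or 9300 and "all traffic" rules.

```python
ES_PORTS = (9200, 9300)
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def covers_port(perm, port):
    """True if this rule's protocol and port range include TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rule: every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi


def open_es_rules(group):
    """Return sorted (port, cidr) pairs exposing 9200/9300 to any address."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = [c for c in cidrs if c in OPEN_CIDRS]
        for port in ES_PORTS:
            if covers_port(perm, port):
                findings.update((port, c) for c in world)
    return sorted(findings)


# Constructed sample input (placeholder group ID, not a real resource).
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        # Range 9000-9250 contains 9200 and is open to the world: flagged.
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9250,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # 9300: the IPv4 source is restricted, the IPv6 source is not.
        {"IpProtocol": "tcp", "FromPort": 9300, "ToPort": 9300,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # UDP 9200 is outside the scope of this finding.
        {"IpProtocol": "udp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for port, cidr in open_es_rules(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: TCP {port} open to {cidr}")
```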