AWS Elasticsearch does not have node-to-node encryption enabled

Description

The AWS Elasticsearch Service allows you to host sensitive workloads with node-to-node encryption using Transport Layer Security (TLS) for all communications between instances in a cluster. Node-to-node encryption ensures that any data sent to the Amazon Elasticsearch Service domain over HTTPS remains encrypted in-flight while it is being distributed and replicated between the nodes.

Code Example

```hcl
resource "aws_elasticsearch_domain" "example" {
  # ... other domain arguments
  node_to_node_encryption {
    enabled = true
  }
}
```

Remediation

Terraform

To fix this issue, ensure that the `node_to_node_encryption` block in the `aws_elasticsearch_domain` or `aws_opensearch_domain` resource is present and has `enabled` set to `true`, as shown in the code example above. A domain with the block omitted is treated the same as one with `enabled = false`.
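The rule's logic can be expressed as a short script. The following is an added example, not part of this page or of any scanner's own code: it parses a CloudFormation template and a Terraform configuration written in JSON syntax (both constructed inline for the example) and reports every Elasticsearch or OpenSearch domain whose node-to-node encryption setting is absent or disabled. The `check_*` function names and the sample resource names are assumptions; the property names `NodeToNodeEncryptionOptions.Enabled` (CloudFormation) and `node_to_node_encryption.enabled` (Terraform) are the real ones for these resource types.

```python
"""Flag IaC-defined Elasticsearch/OpenSearch domains that lack
node-to-node encryption (the condition this rule reports)."""
import json

# Resource types covered by the check.
CFN_DOMAIN_TYPES = {"AWS::Elasticsearch::Domain", "AWS::OpenSearchService::Domain"}
TF_DOMAIN_TYPES = {"aws_elasticsearch_domain", "aws_opensearch_domain"}


def _is_true(value) -> bool:
    """Both CloudFormation and Terraform accept a boolean or the string "true"."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def check_cloudformation(template: dict) -> list:
    """Return logical IDs of domain resources whose
    NodeToNodeEncryptionOptions.Enabled is missing or not true."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in CFN_DOMAIN_TYPES:
            continue
        opts = res.get("Properties", {}).get("NodeToNodeEncryptionOptions", {})
        if not _is_true(opts.get("Enabled")):  # block omitted or Enabled: false
            findings.append(logical_id)
    return findings


def check_terraform_json(config: dict) -> list:
    """Return "type.name" for domain resources in a Terraform JSON-syntax
    configuration whose node_to_node_encryption.enabled is missing or not true."""
    findings = []
    for rtype, instances in config.get("resource", {}).items():
        if rtype not in TF_DOMAIN_TYPES:
            continue
        for name, body in instances.items():
            # In Terraform JSON syntax a nested block may be written as a
            # single object or as a list of objects; normalise to a list.
            blocks = body.get("node_to_node_encryption", [])
            if isinstance(blocks, dict):
                blocks = [blocks]
            if not any(_is_true(b.get("enabled")) for b in blocks):
                findings.append(f"{rtype}.{name}")
    return findings


# Constructed sample inputs (hypothetical resource names).
CFN_TEMPLATE = json.loads("""
{
  "Resources": {
    "LegacyDomain":   {"Type": "AWS::Elasticsearch::Domain",
                       "Properties": {"DomainName": "legacy"}},
    "DisabledDomain": {"Type": "AWS::OpenSearchService::Domain",
                       "Properties": {"NodeToNodeEncryptionOptions": {"Enabled": false}}},
    "HardenedDomain": {"Type": "AWS::OpenSearchService::Domain",
                       "Properties": {"NodeToNodeEncryptionOptions": {"Enabled": "true"}}},
    "LogBucket":      {"Type": "AWS::S3::Bucket"}
  }
}
""")

TF_CONFIG = json.loads("""
{
  "resource": {
    "aws_elasticsearch_domain": {
      "weak":  {"domain_name": "weak"},
      "fixed": {"domain_name": "fixed", "node_to_node_encryption": {"enabled": true}}
    },
    "aws_opensearch_domain": {
      "fixed": {"domain_name": "fixed", "node_to_node_encryption": [{"enabled": true}]}
    },
    "aws_s3_bucket": {"logs": {}}
  }
}
""")

if __name__ == "__main__":
    print("CloudFormation findings:", check_cloudformation(CFN_TEMPLATE))
    print("Terraform findings:     ", check_terraform_json(TF_CONFIG))
```

The strict test (`_is_true`) is deliberate: a template that sets `Enabled` to anything other than a true boolean or the string `"true"` is reported, which matches the remediation guidance that only an explicit `enabled = true` satisfies the rule. Non-domain resources such as the S3 bucket are skipped.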

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0060 |
| Severity | MEDIUM |
| IaC Type | CloudFormation |
| Frameworks | CloudFormation |
| Checkov ID | CKV_AWS_6 |