
AWS Elasticsearch is not configured inside a VPC

Description

AWS Elasticsearch domains that reside within a VPC have an extra layer of security compared to ES domains that use public endpoints. Launching an Amazon ES cluster within an AWS VPC enables secure communication between the ES cluster (domain) and other AWS services without an Internet Gateway, a NAT device or a VPN connection, and all traffic remains within the AWS Cloud.

Code Example

```hcl
# Compliant domain: the vpc_options block places the domain inside a VPC.
# data.aws_subnet_ids.selected and aws_security_group.es are assumed to be
# declared elsewhere in the configuration.
resource "aws_elasticsearch_domain" "es" {
  domain_name           = var.domain
  elasticsearch_version = "6.3"

  cluster_config {
    instance_type = "m4.large.elasticsearch"
  }

  # Remediation: without this block the domain gets a public endpoint
  # and the check fails.
  vpc_options {
    # The ids attribute of aws_subnet_ids is a set, which cannot be indexed
    # directly; convert it to a list first.
    subnet_ids = [
      tolist(data.aws_subnet_ids.selected.ids)[0],
      tolist(data.aws_subnet_ids.selected.ids)[1],
    ]

    security_group_ids = [aws_security_group.es.id]
  }
}
```

Remediation

Terraform

  • Resource: aws_elasticsearch_domain
  • Arguments: vpc_options
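As an added example (not Checkov's own source or part of this page), the intent of this check re-implemented as a small scanner over Terraform plan JSON, so the public-endpoint and VPC cases can be compared side by side. It assumes the `terraform show -json` layout (planned_values.root_module.resources[*] with type, address and values) and uses a constructed sample plan.

```python
# Added example: a minimal check mirroring the intent of CKV_AWS_137 over
# Terraform plan JSON. Plan layout assumed from `terraform show -json`.
import json
from typing import Any, Dict, Iterator

def es_domain_in_vpc(values: Dict[str, Any]) -> bool:
    """PASS when the domain declares vpc_options with at least one subnet."""
    # Plan JSON renders nested blocks as a list of objects; an absent or
    # empty list means the domain uses the public endpoint.
    for block in values.get("vpc_options") or []:
        if block and block.get("subnet_ids"):
            return True
    # Caveat: subnet ids unknown at plan time are omitted from planned_values,
    # so a fuller check would also consult resource_changes[].change.after_unknown.
    return False

def _walk(module: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def scan_plan(plan_json: str) -> Dict[str, str]:
    """Map each aws_elasticsearch_domain address to PASSED or FAILED."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    results: Dict[str, str] = {}
    for res in _walk(root):
        if res.get("type") == "aws_elasticsearch_domain":
            ok = es_domain_in_vpc(res.get("values", {}))
            results[res["address"]] = "PASSED" if ok else "FAILED"
    return results

# Constructed sample plan: one public-endpoint domain at the root and one
# VPC domain inside a child module.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {
    "resources": [{"address": "aws_elasticsearch_domain.public",
                   "type": "aws_elasticsearch_domain",
                   "values": {"domain_name": "logs", "vpc_options": []}}],
    "child_modules": [{"address": "module.search", "resources": [{
        "address": "module.search.aws_elasticsearch_domain.es",
        "type": "aws_elasticsearch_domain",
        "values": {"domain_name": "search",
                   "vpc_options": [{"subnet_ids": ["subnet-aaa", "subnet-bbb"],
                                    "security_group_ids": ["sg-ccc"]}]}}]}],
}}})

if __name__ == "__main__":
    for address, verdict in scan_plan(SAMPLE_PLAN).items():
        print(f"{verdict}: {address}")
```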

Rule Details

| Field      | Value                    |
|------------|--------------------------|
| ID         | IAC-0187                 |
| Severity   | LOW                      |
| IaC Type   | Terraform                |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_137              |
