AWS Elasticsearch domain does not use an updated TLS policy
Description
The Transport Layer Security (TLS) protocol secures data in transit between servers and web browsers over the Internet using standard encryption technology. To follow security best practices and the latest PCI compliance standards, enable the latest version of the TLS protocol (i.e. TLS 1.2) for all your AWS Elasticsearch domains.
Code Example
```hcl
resource "aws_elasticsearch_domain" "pass" {
  domain_name = "pass"

  domain_endpoint_options {
    enforce_https = false
    # Minimum TLS 1.2 policy: the setting this rule looks at
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  cluster_config {
    instance_count = 2
  }

  encrypt_at_rest {
    enabled = false
  }

  node_to_node_encryption {
    enabled = false
  }
}
```
Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0276 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_228 |
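
The same check can be run against the JSON that `terraform show -json` produces for a plan. The sketch below is an added example, not Checkov's or this page's own code; the sample plan is constructed, the function names are hypothetical, and it assumes the only accepted policy is the one shown above.

```python
# Assumption: only the policy named on this page is accepted.
ACCEPTED_POLICIES = {"Policy-Min-TLS-1-2-2019-07"}


def iter_resources(module):
    """Yield every resource in a plan module, including nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_weak_tls_domains(plan):
    """Return (address, reason) for each domain that does not pin TLS 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_elasticsearch_domain":
            continue
        # Nested blocks appear as lists of objects in plan JSON.
        blocks = (res.get("values") or {}).get("domain_endpoint_options") or []
        policy = blocks[0].get("tls_security_policy") if blocks else None
        if policy is None:
            findings.append((res["address"], "tls_security_policy not set"))
        elif policy not in ACCEPTED_POLICIES:
            findings.append((res["address"], f"weak policy {policy}"))
    return findings


# Constructed sample shaped like `terraform show -json` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_elasticsearch_domain.pass",
         "type": "aws_elasticsearch_domain",
         "values": {"domain_endpoint_options": [
             {"enforce_https": False,
              "tls_security_policy": "Policy-Min-TLS-1-2-2019-07"}]}},
        {"address": "aws_elasticsearch_domain.old",
         "type": "aws_elasticsearch_domain",
         "values": {"domain_endpoint_options": [
             {"enforce_https": True,
              "tls_security_policy": "Policy-Min-TLS-1-0-2019-07"}]}},
    ],
    "child_modules": [{"address": "module.search", "resources": [
        {"address": "module.search.aws_elasticsearch_domain.unset",
         "type": "aws_elasticsearch_domain",
         "values": {"domain_endpoint_options": []}}]}],
}}}

if __name__ == "__main__":
    for address, reason in find_weak_tls_domains(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

A domain with no `domain_endpoint_options` block is reported as well, since the plan then pins no TLS policy at all.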