AWS all data stored in the Elasticsearch domain is not encrypted using a Customer Managed Key (CMK)

Description

This policy identifies Elasticsearch domain which are encrypted with default KMS keys and not with Keys managed by Customer. It is a best practice to use customer managed KMS Keys to encrypt your Elasticsearch domain data. It gives you full control over the encrypted data.

Code Example

resource "aws_elasticsearch_domain" "pass" {
  domain_name = "example"

  cluster_config {
    instance_type = "r5.large.elasticsearch"
  }

  encrypt_at_rest {
    kms_key_id = aws_kms_key.example.arn
  }
}

Remediation

Terraform

Rule Details

Field	Value
ID	IAC-0295
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_AWS_247

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS all data stored in the Elasticsearch domain is not encrypted using a Customer Managed Key (CMK)

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS all data stored in the Elasticsearch domain is not encrypted using a Customer Managed Key (CMK) ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS all data stored in the Elasticsearch domain is not encrypted using a Customer Managed Key (CMK)

Description

Code Example

Remediation

Rule Details

References