Elasticsearch Logs Disabled

Query id: a1120ee4-a712-42d9-8fb5-22595fed643b
Query name: Elasticsearch Logs Disabled
Platform: Pulumi
Severity: Medium
Category: Observability
URL: Github

Description¶

AWS Elasticsearch should have logs enabled
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

< ru de re

Positive test num. 2 - yaml file

< ru de re

Positive test num. 3 - yaml file

< ru de re

/span>

name: aws-eks ntime: yaml scription: An EKS cluster sources: exampleLogGroup: type: aws:cloudwatch:LogGroup exampleLogResourcePolicy: type: aws:cloudwatch:LogResourcePolicy properties: policyName: example policyDocument: ${examplePolicyDocument.json} exampleDomain: type: aws:elasticsearch:Domain class="w">    properties: elasticsearchVersion: "7.10" elasticsearchClusterConfig: instanceType: "t2.small.elasticsearch" instanceCount: 1 ebsOptions: ebsEnabled: true volumeType: "gp2" volumeSize: 10 >variables: examplePolicyDocument: fn::invoke: Function: aws:iam:getPolicyDocument Arguments: statements: - effect: Allow principals: - type: Service identifiers: - es.amazonaws.com actions: - logs:PutLogEvents - logs:PutLogEventsBatch - logs:CreateLogStream resources: - arn:aws:logs:* /span>name: aws-eks ntime: yaml scription: An EKS cluster sources: exampleLogGroup: type: aws:cloudwatch:LogGroup exampleLogResourcePolicy: type: aws:cloudwatch:LogResourcePolicy properties: policyName: example policyDocument: ${examplePolicyDocument.json} exampleDomain: type: aws:elasticsearch:Domain properties: logPublishingOptions: - cloudwatchLogGroupArn: ${exampleLogGroup.arn} class="w">          logType: INDEX_SLOW_LOGS - cloudwatchLogGroupArn: ${exampleLogGroup.arn} logType: SEARCH_SLOW_LOGS enabled: true >variables: examplePolicyDocument: fn::invoke: Function: aws:iam:getPolicyDocument Arguments: statements: - effect: Allow principals: - type: Service identifiers: - es.amazonaws.com actions: - logs:PutLogEvents - logs:PutLogEventsBatch - logs:CreateLogStream resources: - arn:aws:logs:* /span>name: aws-eks ntime: yaml scription: An EKS cluster sources: exampleLogGroup: type: aws:cloudwatch:LogGroup exampleLogResourcePolicy: type: aws:cloudwatch:LogResourcePolicy properties: policyName: example policyDocument: ${examplePolicyDocument.json} exampleDomain: type: aws:elasticsearch:Domain properties: logPublishingOptions: - cloudwatchLogGroupArn: ${exampleLogGroup.arn} logType: INDEX_SLOW_LOGS class="w">          enabled: false class="nt">variables: examplePolicyDocument: fn::invoke: Function: aws:iam:getPolicyDocument Arguments: statements: - effect: Allow principals: - type: Service identifiers: - es.amazonaws.com actions: - logs:PutLogEvents - logs:PutLogEventsBatch - logs:CreateLogStream resources: - arn:aws:logs:*
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml filename: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  exampleLogGroup:
    type: aws:cloudwatch:LogGroup
  exampleLogResourcePolicy:
    type: aws:cloudwatch:LogResourcePolicy
    properties:
      policyName: example
      policyDocument: ${examplePolicyDocument.json}
  exampleDomain:
    type: aws:elasticsearch:Domain
    properties:
      logPublishingOptions:
        - cloudwatchLogGroupArn: ${exampleLogGroup.arn}
          logType: INDEX_SLOW_LOGS
          enabled: true
variables:
  examplePolicyDocument:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            principals:
              - type: Service
                identifiers:
                  - es.amazonaws.com
            actions:
              - logs:PutLogEvents
              - logs:PutLogEventsBatch
              - logs:CreateLogStream
            resources:
              - arn:aws:logs:*