ElasticSearch Not Encrypted At Rest

Query id: 24e16922-4330-4e9d-be8a-caa90299466a
Query name: ElasticSearch Not Encrypted At Rest
Platform: Terraform
Severity: High
Category: Encryption
CWE: 311
URL: Github

Description¶

Check if ElasticSearch encryption is disabled at Rest
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "aws_elasticsearch_domain" "positive1" {
  domain_name           = "example"
  elasticsearch_version = "1.5"
}

resource "aws_elasticsearch_domain" "positive2" {
  domain_name           = "example"
  elasticsearch_version = "1.5"

  encrypt_at_rest {
      enabled = false
  }
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

resource "aws_elasticsearch_domain" "negative1" {
  domain_name           = "example"
  elasticsearch_version = "1.5"

  encrypt_at_rest {
      enabled = true
  }
}