ElasticSearch Not Encrypted At Rest

  • Query id: 24e16922-4330-4e9d-be8a-caa90299466a
  • Query name: ElasticSearch Not Encrypted At Rest
  • Platform: Terraform
  • Severity: High
  • Category: Encryption
  • CWE: 311
  • URL: Github

Description

Check if ElasticSearch encryption is disabled at Rest
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_elasticsearch_domain" "positive1" {
  domain_name           = "example"
  elasticsearch_version = "1.5"
}

resource "aws_elasticsearch_domain" "positive2" {
  domain_name           = "example"
  elasticsearch_version = "1.5"

  encrypt_at_rest {
      enabled = false
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_elasticsearch_domain" "negative1" {
  domain_name           = "example"
  elasticsearch_version = "1.5"

  encrypt_at_rest {
      enabled = true
  }
}