ElasticSearch Encryption With KMS Disabled
- Query id: 7af2f4a3-00d9-47f3-8d15-ca0888f4e5b2
- Query name: ElasticSearch Encryption With KMS Disabled
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: 326
- URL: Github
Description¶
Check if any ElasticSearch domain isn't encrypted with KMS.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_elasticsearch_domain" "positive1" {
domain_name = "example"
elasticsearch_version = "1.5"
encrypt_at_rest {
enabled = true
}
}