Elasticsearch Log Disabled

• Query id: acb6b4e2-a086-4f35-aefd-4db6ea51ada2
• Query name: Elasticsearch Log Disabled
• Platform: Terraform
• Severity: Medium
• Category: Observability
• CWE: 778
• URL: Github

Description

AWS Elasticsearch should have logs enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "aws_elasticsearch_domain" "positive1" {

  log_publishing_options {
    cloudwatch_log_group_arn = aws_cloudwatch_log_group.example.arn
    log_type                 = "INDEX_SLOW_LOGS"
    enabled                  = false
  }
}

Positive test num. 2 - tf file

resource "aws_elasticsearch_domain" "positive2" {
  domain_name           = "example"
  elasticsearch_version = "1.5"

  cluster_config {
    instance_type = "r4.large.elasticsearch"
  }

  snapshot_options {
    automated_snapshot_start_hour = 23
  }

  tags = {
    Domain = "TestDomain"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "aws_elasticsearch_domain" "negative1" {

  log_publishing_options {
    cloudwatch_log_group_arn = aws_cloudwatch_log_group.example.arn
    log_type                 = "INDEX_SLOW_LOGS"
    enabled                  = true //for default its true
  }
}