Elasticsearch Domain Not Encrypted Node To Node
- Query id: 967eb3e6-26fc-497d-8895-6428beb6e8e2
- Query name: Elasticsearch Domain Not Encrypted Node To Node
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
Elasticsearch Domain encryption should be enabled node to node
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_elasticsearch_domain" "positive1" {
domain_name = "example"
elasticsearch_version = "1.5"
cluster_config {
instance_type = "r4.large.elasticsearch"
}
snapshot_options {
automated_snapshot_start_hour = 23
}
tags = {
Domain = "TestDomain"
}
}
Positive test num. 2 - tf file
resource "aws_elasticsearch_domain" "positive1" {
domain_name = "example"
elasticsearch_version = "1.5"
cluster_config {
instance_type = "r4.large.elasticsearch"
}
snapshot_options {
automated_snapshot_start_hour = 23
}
node_to_node_encryption {
enabled = false
}
tags = {
Domain = "TestDomain"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_elasticsearch_domain" "negative1" {
domain_name = "example"
elasticsearch_version = "1.5"
cluster_config {
instance_type = "r4.large.elasticsearch"
}
snapshot_options {
automated_snapshot_start_hour = 23
}
node_to_node_encryption {
enabled = true
}
tags = {
Domain = "TestDomain"
}
}