Elasticsearch domain should only be accessible from an AWS VPC

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

Ensure your Amazon Elasticsearch (ES) domain is only accessible from an AWS VPC.

Rationale

Using a VPC gives your Amazon ES domains an extra layer of security. Launching your clusters within a VPC ensures communication between your clusters and other AWS services is secure.

Remediation

Once a domain is created with a public endpoint, it cannot be switched to VPC access. Follow the Migrating from Public Access to VPC Access docs to learn how to create a new domain and either manually reindex or migrate your data.