OpenSearch domain connections should be encrypted using the latest TLS security policy

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control checks whether an Amazon OpenSearch Service domain endpoint is configured to use the latest TLS security policy, Policy-Min-TLS-1-2-PFS-2023-10. The control fails if the endpoint is not using this policy or if HTTPS is not enabled. Enforcing the latest version of TLS 1.2 helps secure data in transit by preventing eavesdropping and manipulation through man-in-the-middle attacks.

Remediation

To configure your Amazon OpenSearch Service domain endpoint to use the latest TLS security policy, refer to the Requiring HTTPS for Amazon OpenSearch Service Domains section of the Amazon OpenSearch Service Developer Guide.