OpenSearch domains should have Audit Logging enabled

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This check determines if audit logging is enabled for Amazon OpenSearch Service domains, and is configured to send logs to Amazon CloudWatch Logs. Audit logs are crucial for recording detailed information about access and changes to OpenSearch resources, enabling you to track user activities, detect suspicious behavior, and ensure compliance with security policies and regulatory requirements.

Remediation

To enable audit logging for an Amazon OpenSearch Service domain, refer to the Configuring Amazon OpenSearch Service to Enable Audit Logging section of the Amazon OpenSearch Service Developer Guide.