ID: terraform-aws/aws-opensearch-encryption
Language: Terraform
Severity: Warning
Category: Security
This rule ensures that all Elasticsearch domains are configured to enforce Hypertext Transfer Protocol Secure (HTTPS). HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. Enforcing HTTPS ensures that any data sent between your Elasticsearch domain and its clients is encrypted, which is crucial for preserving the integrity and confidentiality of the data.
The importance of this rule lies in the security of your Elasticsearch domains. Without enforcing HTTPS, data sent between your domain and its clients would be sent in plain text, which could be read by anyone who intercepts the data. This could lead to sensitive information being exposed, such as user credentials or personal data.
To avoid violating this rule, always ensure that the enforce_https attribute within the domain_endpoint_options block is set to true when defining your aws_elasticsearch_domain resources. This guarantees that all connections to your Elasticsearch domain are made securely over HTTPS. Additionally, enabling node_to_node_encryption ensures that data is encrypted as it moves between nodes in your domain.
Non-Compliant Code Examples

resource "aws_elasticsearch_domain" "mydomain" {
  domain_name = "foobar"

  domain_endpoint_options {
  }

  node_to_node_encryption {
  }
}

resource "aws_elasticsearch_domain" "mydomain" {
  domain_name = "foobar"

  domain_endpoint_options {
    enforce_https = false
  }

  node_to_node_encryption {
    enabled = false
  }
}

Compliant Code Examples

resource "aws_elasticsearch_domain" "mydomain" {
  domain_name = "foobar"

  domain_endpoint_options {
    enforce_https = true
  }

  node_to_node_encryption {
    enabled = true
  }
}
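The same two settings can also be checked in CI against the resolved plan (`terraform show -json`), which catches values that arrive through variables or modules. The script below is an added example, not Datadog's rule implementation; the sample plan and resource addresses are constructed, and treating a missing value as a finding is an assumption.

```python
import json

# Constructed sample in the shape of `terraform show -json` output
# (planned_values section only); not taken from a real plan.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_elasticsearch_domain.unset",
     "type": "aws_elasticsearch_domain",
     "values": {"domain_endpoint_options": [{}], "node_to_node_encryption": [{}]}},
    {"address": "aws_elasticsearch_domain.mixed",
     "type": "aws_elasticsearch_domain",
     "values": {"domain_endpoint_options": [{"enforce_https": true}],
                "node_to_node_encryption": [{"enabled": false}]}}],
  "child_modules": [{"resources": [
    {"address": "module.search.aws_elasticsearch_domain.ok",
     "type": "aws_elasticsearch_domain",
     "values": {"domain_endpoint_options": [{"enforce_https": true}],
                "node_to_node_encryption": [{"enabled": true}]}}]}]}}}
""")

# (nested block, attribute) pairs that the rule text requires to be true.
REQUIRED = [("domain_endpoint_options", "enforce_https"),
            ("node_to_node_encryption", "enabled")]

def walk(module):
    """Yield every resource in a module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def findings(plan):
    """Return (address, 'block.attr') for each required setting not true."""
    out = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        if res.get("type") != "aws_elasticsearch_domain":
            continue
        for block, attr in REQUIRED:
            # Nested blocks appear as a list of objects; absent, empty or
            # null is treated as not enabled (assumption: fail closed).
            items = res.get("values", {}).get(block) or [{}]
            if items[0].get(attr) is not True:
                out.append((res["address"], f"{block}.{attr}"))
    return out

if __name__ == "__main__":
    for address, setting in findings(SAMPLE_PLAN):
        print(f"{address}: {setting} is not true")
```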