The Elasticsearch domain should block unsigned requests over the public internet

This page is not yet available in Korean and is being translated. If you have any questions or comments about the translation, please contact us.

Description

Update publicly accessible Amazon Elasticsearch domains to block unsigned requests.

Rationale

Restricting your Amazon Elasticsearch domain so that it no longer accepts unsigned requests from the public internet ensures your data cannot be accessed or altered by unauthorized users.

Remediation

OpenSearch

If you are using OpenSearch Service Domains, refer to Amazon’s guide for creating and managing Amazon OpenSearch Service domains for both console and CLI remediation actions.

From the console

Follow the Configuring Access Policies docs to learn how to update your publicly accessible Amazon Elasticsearch domains in the AWS Console.

From the command line

  1. Create a new policy JSON document. You can follow the Amazon Elasticsearch templated policy to create a custom policy that grants domain access only to a specific IP.

    ip-based-policy.json

        {
        ...
        "Statement": [
            ...
            "Action": "es:*",
            "Condition": {
                "IpAddress": {
                "aws:SourceIp": [
                    "54.197.25.93/32"
                ]
                }
            },
            "Resource": "arn:aws:es:123456789123:domain/es-cluster/*"
            }
        ]
        }
  2. Run update-elasticsearch-domain-config, passing the name of the Elasticsearch domain and the policy file created in the previous step.

        aws es update-elasticsearch-domain-config \
            --domain-name es-cluster \
            --access-policies file://ip-based-policy.json
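
An unsigned request is one that arrives without SigV4 credentials, so the only way a domain accepts it is an access policy statement whose Principal is `*` (or `{"AWS": "*"}`) with Effect Allow and no condition pinning the caller's source. The following Python is an added example, not Datadog's or AWS's own code: it checks a domain access policy for such statements and produces the IP-restricted version that the remediation above describes. It runs offline on a policy document you already have (for instance the output of `aws es describe-elasticsearch-domain-config`); the sample policies, the account id, the role name and the region in the ARNs are constructed for the example.

```python
import json
from typing import Any

# Constructed sample policies (not taken from the page).
# 1. The open configuration this rule flags: anyone, signed or not, gets es:*.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "es:*",
        "Resource": "arn:aws:es:us-east-1:123456789123:domain/es-cluster/*",
    }],
})
# 2. Looks restricted but is not: NotIpAddress is an exclusion list, so every
#    other address on the internet is still allowed in unsigned.
DENYLIST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "es:*",
        "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}},
        "Resource": "arn:aws:es:us-east-1:123456789123:domain/es-cluster/*",
    }],
})
# 3. A specific IAM principal: requests must be signed by that role, so it passes.
ROLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789123:role/search-client"},
        "Action": "es:ESHttp*",
        "Resource": "arn:aws:es:us-east-1:123456789123:domain/es-cluster/*",
    }],
})

# Condition keys that positively pin the caller's source, and the operator that
# makes them a restriction rather than an exclusion.
SOURCE_KEYS = {
    "aws:sourceip": "IpAddress",
    "aws:sourcevpc": "StringEquals",
    "aws:sourcevpce": "StringEquals",
}


def _as_list(value: Any) -> list:
    """IAM allows scalars or arrays in most fields; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal: Any) -> bool:
    """Principal "*" or {"AWS": "*"} matches every caller, including unsigned ones."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _restricts_source(condition: Any) -> bool:
    """True only if a source condition key is used with its positive operator."""
    if not isinstance(condition, dict):
        return False
    for operator, pairs in condition.items():
        if not isinstance(pairs, dict):
            continue
        for key in pairs:
            if SOURCE_KEYS.get(key.lower()) == operator:
                return True
    return False


def find_unsigned_access(policy_json: str) -> list[dict]:
    """Return the Allow statements that admit unsigned requests from anywhere."""
    policy = json.loads(policy_json)
    return [
        stmt for stmt in _as_list(policy.get("Statement"))
        if stmt.get("Effect") == "Allow"
        and _is_anonymous(stmt.get("Principal"))
        and not _restricts_source(stmt.get("Condition"))
    ]


def restrict_to_source_ips(policy_json: str, cidrs: list[str]) -> str:
    """Return the policy with an IpAddress/aws:SourceIp condition added to every
    offending statement, i.e. the ip-based-policy.json shape used above."""
    policy = json.loads(policy_json)
    offending = find_unsigned_access(policy_json)
    for stmt in _as_list(policy.get("Statement")):
        if stmt in offending:  # dict equality: same statement content
            condition = stmt.setdefault("Condition", {})
            condition.setdefault("IpAddress", {})["aws:SourceIp"] = list(cidrs)
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for name, doc in [("open", OPEN_POLICY), ("denylist", DENYLIST_POLICY), ("role", ROLE_POLICY)]:
        print(f"{name}: {len(find_unsigned_access(doc))} statement(s) allow unsigned public access")
    # Write the hardened policy to feed to update-elasticsearch-domain-config.
    print(restrict_to_source_ips(OPEN_POLICY, ["54.197.25.93/32"]))
```

Pipe the output of `restrict_to_source_ips` into a file and pass it as `--access-policies file://...` exactly as in step 2. The check deliberately treats `NotIpAddress` as no restriction at all, since an exclusion list still leaves the domain reachable by every unlisted address.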