OpenSearch domains should be deployed within a VPC

문서 > Datadog 보안 > OOTB Rules > OpenSearch domains should be deployed within a VPC

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

This control verifies if OpenSearch domains are deployed within a VPC. Note that this control does not assess the VPC network configuration to determine if the domain is publicly accessible.

Deploying OpenSearch domains within a VPC allows them to communicate with other VPC resources over AWS’s private network, avoiding public internet exposure. This setup enhances security by protecting data in transit. VPCs offer various network controls, such as security groups and network ACLs, to manage and secure access to OpenSearch domains. Transition public OpenSearch domains to VPCs to leverage these security features.

Remediation

If you set up a domain with a public endpoint, you cannot move it into a VPC later. Instead, you need to create a new domain and transfer your data to it.

For guidance on deploying OpenSearch domains to a VPC and migrating data, refer to the Launching your Amazon OpenSearch Service domains within a VPC and Migrating data between domains and collections using Amazon OpenSearch Ingestion sections of the Amazon OpenSearch Service Developer Guide.