---
title: Elasticsearch domain should only be accessible from an AWS VPC
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Elasticsearch domain should only be
  accessible from an AWS VPC
---

# Elasticsearch domain should only be accessible from an AWS VPC
 
## Description{% #description %}

Ensure your Amazon Elasticsearch (ES) domain is only accessible from an AWS VPC.

## Rationale{% #rationale %}

Using a VPC gives your Amazon ES domains an extra layer of security. Launching your clusters within a VPC ensures communication between your clusters and other AWS services is secure.

## Remediation{% #remediation %}

Once a domain is created with a public endpoint, it cannot be switched to VPC access. Follow the [Migrating from Public Access to VPC Access](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-migrating-public-to-vpc) docs to learn how to create a new domain and either manually reindex or migrate your data.