Ensure that access to your Elasticsearch Service (ES) domains is allowed only from safelisted IP addresses in order to protect them against unauthorized access. Before the Cloud Conformity engine runs this rule, you need to specify the IP addresses that you want to safelist in the rule settings available on the Cloud Conformity console. The IPs must be valid IPv4 addresses (e.g. 22.214.171.124/32), IP address ranges (e.g. 126.96.36.199/24) or CIDR blocks (e.g. 172.31.0.0/16).
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Using ES IP-based access policies allows only specific IP addresses or IP address ranges to access your Elasticsearch domain endpoints, acting as a firewall that prevents incoming anonymous or unauthorized requests from reaching your ES clusters.
To determine if your Elasticsearch domains are using IP-based access policies, perform the following:
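An added example, not part of the original page or of Cloud Conformity's own audit steps: a Python check that parses an ES domain access policy document and reports every Allow statement that lacks an `aws:SourceIp` condition or admits addresses outside the safelist. The sample policies, account ID, domain name and safelist are constructed, and treating every Allow statement as in scope is an assumption of this example.

```python
import ipaddress
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _source_cidrs(statement):
    # Collect aws:SourceIp values under the IpAddress operator (key names are case-insensitive).
    cidrs = []
    for key, value in statement.get("Condition", {}).get("IpAddress", {}).items():
        if key.lower() == "aws:sourceip":
            cidrs += _as_list(value)
    return cidrs

def audit_policy(policy_json, safelist):
    """Return findings for one access policy; an empty list means it conforms."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in safelist]
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        cidrs = _source_cidrs(stmt)
        if not cidrs:
            findings.append(f"statement {i}: Allow without aws:SourceIp restriction")
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"statement {i}: {cidr} is outside the safelist")
    return findings

def _policy(condition=None):
    # Constructed sample policy; account ID and domain name are placeholders.
    stmt = {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*",
            "Resource": "arn:aws:es:us-east-1:123456789012:domain/example-domain/*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

SAFELIST = ["203.0.113.0/24"]  # constructed safelist (documentation range)
CONFORMING = _policy({"IpAddress": {"aws:SourceIp": ["203.0.113.10/32"]}})
OPEN = _policy()
TOO_WIDE = _policy({"IpAddress": {"aws:SourceIp": ["203.0.113.0/24", "0.0.0.0/0"]}})

if __name__ == "__main__":
    for name, doc in [("conforming", CONFORMING), ("open", OPEN), ("too wide", TOO_WIDE)]:
        print(name, audit_policy(doc, SAFELIST))
```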
Remediation / Resolution
To implement an IP-based access policy for your Amazon Elasticsearch domains, perform the following:
Elasticsearch Accessible Only From Safelisted IP Addresses
Risk level: High