Benchmark: OpenSearch

Usage

Browse dashboards and select OpenSearch:

steampipe dashboard

Or run the benchmarks in your terminal:

steampipe check aws_compliance.benchmark.all_controls_opensearch

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_compliance.benchmark.all_controls_opensearch

Controls

• OpenSearch domains should have audit logging enabled.
• OpenSearch domains cognito authentication should be enabled for kibana
• OpenSearch domains should have at least three data nodes
• OpenSearch domains should have encryption at rest enabled
• OpenSearch domains should have fine-grained access control enabled
• OpenSearch domains should use HTTPS
• OpenSearch domains should be in a VPC
• OpenSearch domains internal user database should be disabled
• OpenSearch domains logs to AWS CloudWatch Logs
• OpenSearch domains node-to-node encryption should be enabled
• OpenSearch domains should be updated to the latest service software version

Tags