Loading controls...
Benchmark: Elasticsearch
Description
This benchmark provides a set of controls that detect Terraform AWS Elasticsearch resources deviating from security best practices.
Usage
Browse dashboards and select Elasticsearch:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check terraform_aws_compliance.benchmark.esSnapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share terraform_aws_compliance.benchmark.esControls
- Elasticsearch domains should have audit logging enabled
- Elasticsearch domains should have at least three data nodes
- Elasticsearch domains should be configured with at least three dedicated master nodes
- Connections to Elasticsearch domains should be encrypted using TLS 1.2
- ES domain encryption at rest should be enabled
- Elasticsearch domain error logging to CloudWatch Logs should be enabled
- Amazon Elasticsearch Service domains should be in a VPC
- Elasticsearch domain should send logs to cloudWatch
- Elasticsearch domain node-to-node encryption should be enabled