AWS Config Rule: Elasticsearch Node to Node Encryption Check
ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK
Fernando Honig
Last Update 6 months ago
Description: Checks that Amazon Elasticsearch Service nodes are encrypted end to end. The rule is NON_COMPLIANT if node-to-node encryption is disabled on the domain.
Trigger type: Configuration changes
AWS Region: All supported AWS Regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich)
How to Resolve Manually
To resolve this manually, go to your AWS Management Console and select Elasticsearch from Services.
Node-to-node encryption on new domains requires Elasticsearch 6.0 or later. Enabling the feature on existing domains requires Elasticsearch 6.7 or later.
Choose the existing domain that is NON_COMPLIANT, then choose Actions and Modify encryptions.
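The check and the version prerequisite above can be triaged offline before touching the console. The following is an added example, not StackZone's or AWS's rule code; it assumes input shaped like the `DomainStatus` object returned by `aws es describe-elasticsearch-domain`, and the domain names are constructed.

```python
from typing import NamedTuple, Optional, Tuple

# From the page: enabling on an existing domain requires Elasticsearch 6.7+.
MIN_VERSION_EXISTING_DOMAIN = (6, 7)


class Finding(NamedTuple):
    domain: str
    compliance: str            # "COMPLIANT" or "NON_COMPLIANT"
    can_enable_in_place: bool  # meaningful only for NON_COMPLIANT domains


def parse_version(text: str) -> Optional[Tuple[int, int]]:
    """Turn '6.8' into (6, 8); return None for anything not major.minor."""
    parts = text.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        return None
    return int(parts[0]), int(parts[1])


def evaluate(domain_status: dict) -> Finding:
    name = domain_status.get("DomainName", "<unknown>")
    # A missing NodeToNodeEncryptionOptions block is treated as disabled.
    opts = domain_status.get("NodeToNodeEncryptionOptions") or {}
    if opts.get("Enabled") is True:
        return Finding(name, "COMPLIANT", False)
    version = parse_version(domain_status.get("ElasticsearchVersion", ""))
    in_place = version is not None and version >= MIN_VERSION_EXISTING_DOMAIN
    return Finding(name, "NON_COMPLIANT", in_place)


# Constructed sample input (hypothetical domains, not real output).
SAMPLE_DOMAINS = [
    {"DomainName": "logs-prod", "ElasticsearchVersion": "7.10",
     "NodeToNodeEncryptionOptions": {"Enabled": True}},
    {"DomainName": "search-legacy", "ElasticsearchVersion": "6.8",
     "NodeToNodeEncryptionOptions": {"Enabled": False}},
    {"DomainName": "metrics-old", "ElasticsearchVersion": "6.5",
     "NodeToNodeEncryptionOptions": {"Enabled": False}},
    {"DomainName": "audit-archive", "ElasticsearchVersion": "5.6"},
]

if __name__ == "__main__":
    for f in map(evaluate, SAMPLE_DOMAINS):
        note = ""
        if f.compliance == "NON_COMPLIANT":
            note = ("can enable in place" if f.can_enable_in_place
                    else "upgrade to 6.7 or later first")
        print(f"{f.domain:15} {f.compliance:14} {note}")
```

Domains reported as needing an upgrade cannot be fixed with the Modify encryptions step alone.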