AWS Config Rule: Elasticsearch Node to Node Encryption Check

ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK

Fernando Honig

Last Update 2 months ago

Description: Checks that Amazon Elasticsearch Service nodes are encrypted end to end. The rule is NON_COMPLIANT if node-to-node encryption is disabled on the domain.


Trigger type: Configuration changes


AWS Region: All supported AWS Regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), and Europe (Zurich)


How to Resolve Manually

To resolve this manually, go to your AWS Management Console and select Elasticsearch from Services.


Node-to-node encryption on new domains requires Elasticsearch 6.0 or later. Enabling the feature on existing domains requires Elasticsearch 6.7 or later.

Choose the existing domain that is NON_COMPLIANT, then choose Actions and Modify encryptions.
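The following added example (not part of the original article or of StackZone's code) applies the rule's logic and the 6.7 version requirement to domain records, so you can see which NON_COMPLIANT domains can be fixed with the steps above. The field names follow the `DomainStatus` structure returned by the DescribeElasticsearchDomain API; the function names and sample domains are constructed for illustration.

```python
import re

# Article: enabling on an existing domain requires Elasticsearch 6.7 or later.
MIN_VERSION_EXISTING = (6, 7)

def parse_version(version):
    """Turn an ElasticsearchVersion string such as '7.10' into (7, 10)."""
    match = re.fullmatch(r"(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised Elasticsearch version: {version!r}")
    return int(match.group(1)), int(match.group(2))

def evaluate_domain(status):
    """Return (compliance, can_enable_in_place) for one DomainStatus dict."""
    # Assumption: a missing NodeToNodeEncryptionOptions block means disabled.
    options = status.get("NodeToNodeEncryptionOptions") or {}
    if options.get("Enabled") is True:
        return "COMPLIANT", False
    # Compare as integer tuples: as strings, "7.10" would sort below "7.9".
    version = parse_version(status["ElasticsearchVersion"])
    return "NON_COMPLIANT", version >= MIN_VERSION_EXISTING

# Constructed sample records (not real domains).
SAMPLE_DOMAINS = [
    {"DomainName": "logs-prod", "ElasticsearchVersion": "7.10",
     "NodeToNodeEncryptionOptions": {"Enabled": True}},
    {"DomainName": "search-staging", "ElasticsearchVersion": "6.8",
     "NodeToNodeEncryptionOptions": {"Enabled": False}},
    {"DomainName": "legacy-metrics", "ElasticsearchVersion": "5.6"},
]

def report(domains):
    """Build one line per domain describing status and the next step."""
    lines = []
    for status in domains:
        compliance, in_place = evaluate_domain(status)
        if compliance == "COMPLIANT":
            step = "no action"
        elif in_place:
            step = "Actions -> Modify encryptions"
        else:
            step = "version below 6.7, cannot enable on this version"
        lines.append(f"{status['DomainName']}: {compliance} ({step})")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DOMAINS)))
```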

