AWS Elasticsearch
Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities that the provider offers. If you are not using those native security capabilities, the same security requirements can be met with other security capabilities your organization uses.
Design Guidance:
  Access Policies
  Advanced Security Options-Enabled
  Cognito Options-Role Arn

Design Guidance:
  Advanced Security Options-Internal User Database Enabled
  Master User Options-Master User Arn
  Master User Options-Master User Name
  Master User Options-Master User Password
  Cognito Options-Enabled
  Cognito Options-Identity Pool Id
  Cognito Options-User Pool Id
  SAMLoptions-Enabled
  Idp-Entity Id
  Idp-Metadata Content
  SAMLoptions-Subject Key
  SAMLoptions-Roles Key
  SAMLoptions-Session Timeout Minutes

Design Guidance:
  Domain Endpoint Options-Enforce HTTPS
  Node To Node Encryption Options-Enabled
  Domain Endpoint Options-TLSsecurity Policy

Design Guidance:
  Ebsoptions-Ebsenabled
  Ebsoptions-Iops
  Ebsoptions-Volume Size
  Ebsoptions-Volume Type
  Zone Awareness Config-Availability Zone Count
  Elasticsearch Cluster Config-Zone Awareness Enabled

Design Guidance:
  Encryption At Rest Options-Enabled

Design Guidance:
  Encryption At Rest Options-Kms Key Id

Design Guidance:
  [a-z A-z0-9]+-Cloud Watch Logs Log Group Arn
  [a-z A-z0-9]+-Enabled

Design Guidance:
  Snapshot Options-Automated Snapshot Start Hour

Design Guidance:
  Tags

Design Guidance:
  VPCoptions-Security Group Ids

Design Guidance:
  VPCoptions-Subnet Ids