Back to All Checks
Medium Elasticsearch Regional

Elasticsearch domains should have encryption at-rest enabled

PCI DSSNISTISO 27001HIPAA

Description

This check ensures that Elasticsearch domains have encryption at-rest enabled to secure data stored on the service's persistent volumes.

Remediation

To create a new Elasticsearch domain with encryption at-rest enabled, follow these steps:

Steps

  1. Open the Amazon Elasticsearch Service console at https://console.aws.amazon.com/es/.
  2. Choose 'Create a new domain'.
  3. Configure the domain as needed for your use case.
  4. In the 'Set the domain access policy' section, ensure that 'Encryption at rest' is set to 'Enabled'.
  5. Configure any other settings as necessary and choose 'Create'.
  6. After the domain is created, migrate your data from the old domain to the new domain with encryption at-rest enabled.

Compliance

PCI DSSNISTISO 27001HIPAA
Start Your Free Security Check