Critical Elasticsearch Regional

Elasticsearch domains should not be publicly accessible

PCI DSS, NIST, ISO 27001

Description

This check ensures that Elasticsearch domains are within a VPC, which provides an additional layer of network security.


Remediation

To place an Elasticsearch domain within a VPC, you must create a new domain and specify VPC settings during creation. Existing domains cannot be moved to a VPC.

Steps

  1. Open the Amazon Elasticsearch Service console at https://console.aws.amazon.com/es/.
  2. Choose 'Create a new domain'.
  3. Configure the domain as needed for your use case.
  4. In the 'Network configuration' section, choose 'VPC' and select the VPC and subnets.
  5. Configure any other settings as necessary and choose 'Create'.
  6. After the domain is created, migrate your data from the old domain to the new domain within the VPC.
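To find the domains that need this migration, the check can be scripted. The following is an added example, not code from the original page: it evaluates the `DomainStatus` data returned by the Amazon Elasticsearch Service API and lists every domain that has no VPC configuration. The sample domains are constructed, and the function names are illustrative.

```python
# Constructed sample shaped like the "DomainStatus" object returned by
# DescribeElasticsearchDomain; all names, IDs and endpoints are made up.
SAMPLE_DOMAINS = [
    {"DomainName": "logs-public",  # public: single Endpoint, no VPCOptions
     "Endpoint": "search-logs-public-example.us-east-1.es.amazonaws.com"},
    {"DomainName": "logs-vpc",  # VPC domain: VPCOptions populated
     "Endpoints": {"vpc": "vpc-logs-vpc-example.us-east-1.es.amazonaws.com"},
     "VPCOptions": {"VPCId": "vpc-0example",
                    "SubnetIds": ["subnet-0example"],
                    "SecurityGroupIds": ["sg-0example"]}},
    {"DomainName": "logs-old",  # public and already being deleted
     "Endpoint": "search-logs-old-example.us-east-1.es.amazonaws.com",
     "Deleted": True},
]


def is_in_vpc(status):
    """A domain passes only if it has a VPC ID and at least one subnet."""
    vpc = status.get("VPCOptions") or {}
    return bool(vpc.get("VPCId")) and bool(vpc.get("SubnetIds"))


def find_public_domains(statuses):
    """Return (domain name, state) for every domain that fails the check."""
    findings = []
    for status in statuses:
        if is_in_vpc(status):
            continue
        state = "pending deletion" if status.get("Deleted") else "active"
        findings.append((status["DomainName"], state))
    return findings


def fetch_domain_statuses(region):
    """Live lookup for one region. Needs boto3 and credentials that allow
    es:ListDomainNames and es:DescribeElasticsearchDomain."""
    import boto3  # imported here so the offline sample runs without it
    es = boto3.client("es", region_name=region)
    names = [d["DomainName"] for d in es.list_domain_names()["DomainNames"]]
    return [es.describe_elasticsearch_domain(DomainName=n)["DomainStatus"]
            for n in names]


if __name__ == "__main__":
    for name, state in find_public_domains(SAMPLE_DOMAINS):
        print(f"FAIL {name}: not in a VPC ({state})")
```

To run it against an account, pass the result of `fetch_domain_statuses("<region>")` to `find_public_domains`, once per region in use.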

Compliance

PCI DSS, NIST, ISO 27001