AWS OpenSearch Service Domain is Publicly Accessible
Overview
This check ensures that OpenSearch Service domains are not publicly accessible by inspecting each domain's access policy. Publicly accessible domains risk exposing sensitive data to bad actors; this check ensures that unsigned requests are stopped before harm is done. It is recommended that each OpenSearch domain be launched within a VPC for safer communication.
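One way to evaluate a domain's access policy for this condition, as an added example (not the check's own implementation). It assumes input shaped like the `DomainStatus` object (`AccessPolicies` as a JSON string, `VPCOptions.VPCId`); the helper names, sample policies, ARN and VPC ID are constructed for illustration.

```python
import json

def make_domain(policy, vpc_id=None):
    # Constructed DomainStatus-shaped dict (sample input, not real data).
    return {"AccessPolicies": json.dumps(policy), "VPCOptions": {"VPCId": vpc_id}}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard(principal):
    # True for Principal "*" or {"AWS": "*"} (string or list form).
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def source_ips(condition):
    # aws:SourceIp values under IpAddress operators (keys compared case-insensitively).
    return [ip for op, keys in condition.items() if op.lower() == "ipaddress"
            for key, val in keys.items() if key.lower() == "aws:sourceip"
            for ip in as_list(val)]

def open_statements(domain_status):
    """Return Allow statements that admit anonymous (unsigned) requests."""
    if domain_status.get("VPCOptions", {}).get("VPCId"):
        return []  # assumption: a VPC domain has no internet-facing endpoint
    policy = json.loads(domain_status.get("AccessPolicies") or "{}")
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard(stmt.get("Principal")):
            continue
        condition = stmt.get("Condition")
        # Assumption: any condition other than a world-open SourceIp restricts access.
        if not condition or {"0.0.0.0/0", "::/0"} & set(source_ips(condition)):
            findings.append(stmt)
    return findings

# Constructed sample policies (ARN, account ID and IP range are placeholders).
ARN = "arn:aws:es:us-east-1:111122223333:domain/example/*"
OPEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*", "Resource": ARN}]}
IP_LOCKED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "es:ESHttp*", "Resource": ARN,
     "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}}]}

if __name__ == "__main__":
    for name, dom in [("open", make_domain(OPEN)), ("ip-locked", make_domain(IP_LOCKED)),
                      ("vpc", make_domain(OPEN, vpc_id="vpc-0example"))]:
        print(name, "PUBLIC" if open_statements(dom) else "ok")
```

A domain with an empty access policy yields no findings here, since no statement grants anonymous access.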
Vendor
AWS
Cloud Service
OpenSearch
References
https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_AccessPoliciesStatus.html
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/ac.html
https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_DomainConfig.html
Severity
5
Item Types
AWS::OpenSearch::Domain