OpenSearch Domain Does Not Have HTTPS Enforced

Overview

Verify whether HTTPS enforcement is enabled for Amazon OpenSearch Service domains. Failure to enable this could elevate the potential risks associated with unauthorized data access. When establishing OpenSearch Domains, ensure to activate the option for 'Require HTTPS fo all traffic to the domain'.

Vendor

AWS

Cloud Service

OpenSearch

References

https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_DomainEndpointOptions.html, https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html

Severity

Item Types

AWS::OpenSearch::Domain

Overview​

Vendor​

Cloud Service​

References​

Severity​

Item Types​