CloudWiki
Rules
Medium

Ensure OpenSearch domains are configured to enforce HTTPS connections

Security & Compliance
Description

OpenSearch domains are often used to store and search large amounts of sensitive data. To ensure the security and privacy of this data, it is important to ensure that HTTPS connections are used to access the OpenSearch domain. An OpenSearch domain without HTTPS enforcement leaves the data in the domain vulnerable to man-in-the-middle attacks and other security threats. To address this issue, it is recommended to enforce HTTPS connections for OpenSearch domains. This ensures that all traffic to and from the domain is encrypted and secure.

Remediation

To ensure that OpenSearch domains are configured to enforce HTTPS connections, you can follow these remediation steps:

  1. Open the Amazon OpenSearch Service console.
  2. Choose the domain that you want to configure.
  3. Choose the "Edit" button on the top navigation bar of the OpenSearch domain dashboard.
  4. In the "Edit domain" page, scroll down to the "Encryption" section.
  5. Under "In Transit Encryption", select the "Require HTTPS" option.
  6. Scroll down to the bottom of the page and choose "Update domain" to apply the changes.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.