This plugin ensures ElasticSearch domains are configured to enforce HTTPS connections
Risk Level: Medium
Description
This plugin ensures ElasticSearch domains are configured to enforce HTTPS connections. The domains must be encrypted to ensure data at transit is secured and not prone to any database query attacks. Enforcing HTTPS connections on ElasticSearch domains guarantees the data is secure during transit.
About the Service
Amazon OpenSearch: With Amazon OpenSearch, one can analyze, query and visualize petabytes of text and unstructured data. It makes the complex process of performing interactive log analytics, real-time application monitoring, a website search, an easy process. Apart from this, Amazon OpenSearch also provides the possibility to capture observability logs and metrics.
Impact
It is recommended to enable encryption at transit for OpenSearch domains. In absence of proper encryption, the domain data such as log analytics, monitoring data will be completely visible to the attacker if compromised during data transfer processes.
Steps to Reproduce
Using AWS Console-
- Log In to your AWS Console.
- Open the Amazon OpenSearch Console. You can use this link (https://console.aws.amazon.com/esv3/) to navigate directly if already logged in.
- From the left navigation pane, click on Domains from the left panel.
- A list of domains will be displayed. Select the domain you want to examine by clicking on it’s name.
- Move to the Security Configurations tab.
- In the Encryption section, check if Required HTTPS is enabled. If not, the vulnerability exists.
- Repeat steps 3 to 6 for all the domains you wish to examine.
Steps for Remediation
Ensure HTTPS connections are enforced for all ElasticSearch domains.
- Log In to your AWS Console.
- Open the Amazon OpenSearch Console. You can use this link (https://console.aws.amazon.com/esv3/) to navigate directly if already logged in.
- From the left navigation pane, click on Domains from the left panel.
- A list of domains will be displayed. Select the vulnerable domain by clicking on it’s name.
- Move to the Security Configurations tab.
- Click on the Edit button from the top-right corner.
- Scroll down and enable the Required HTTPS option.
- Repeat steps 3 to 7 for all the insecure domains.