Enable Audit Logging for OpenSearch Domains

Ensures that audit logging is enabled for OpenSearch domains, providing a record of user activities and system changes for security audits.

Rule	OpenSearch domains should have audit logging enabled
Framework	AWS Foundational Security Best Practices
Severity	✔ Medium

Rule Description:

To comply with AWS Foundational Security Best Practices, it is essential to have audit logging enabled for OpenSearch domains. Audit logging helps in monitoring and tracking changes, activities, and access to the OpenSearch service, providing valuable insights for security analysis and compliance purposes.

Troubleshooting Steps:

If audit logging is not enabled for OpenSearch domains, follow the below steps to remediate the issue:

1.
Access the AWS Management Console.

2.
Navigate to the Amazon OpenSearch Service console.

3.
Select the OpenSearch domain that needs audit logging enabled.

4.
In the domain settings, locate the "Logging" section.

5.
Enable audit logging and configure the necessary settings such as log destination, format, and retention period.

6.
Save the changes and ensure that the audit logging status is active.

Code Snippet:

To enable audit logging for an OpenSearch domain using AWS CLI, you can use the following command:

aws opensearchservice update-domain-config --domain-name your-domain-name --advanced-security-options Enabled=true,AuditLogsEnabled=true

Remediation Steps:

Follow the step-by-step guide to enable audit logging for an OpenSearch domain:

1.
Open the AWS CLI or AWS Management Console.

2.
Identify the OpenSearch domain for which you want to enable audit logging.

3.
Execute the AWS CLI command mentioned above with your domain name to enable audit logging.

4.
Verify the configuration changes by checking the domain settings in the Amazon OpenSearch Service console.

By following these steps and enabling audit logging for OpenSearch domains, you ensure compliance with AWS Foundational Security Best Practices and enhance the security posture of your AWS environment.

Enable Audit Logging for OpenSearch Domains

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Troubleshooting Steps:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Code Snippet:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Remediation Steps:

Is your System Free of Underlying Vulnerabilities? Find Out Now

Troubleshooting Steps:

Code Snippet:

Remediation Steps:

Is your System Free of Underlying Vulnerabilities?
Find Out Now