Enforce Latest TLS Security Policy for OpenSearch Domain Connections

Ensures that connections to OpenSearch domains use the latest TLS security policy, providing strong encryption for data in transit.

Rule: Connections to OpenSearch domains should be encrypted using the latest TLS security policy
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description:

Connections to OpenSearch domains should be encrypted using the latest TLS security policy, as recommended by AWS Foundational Security Best Practices. The TLS security policy sets the minimum TLS version the domain endpoint accepts, so enforcing the latest policy helps protect sensitive data in transit and prevent unauthorized access.

Troubleshooting Steps:

If you encounter issues with establishing encrypted connections to OpenSearch domains, consider the following troubleshooting steps:

  1. Check if the security policy for TLS encryption is configured correctly.
  2. Verify if the appropriate TLS version is supported by both the client and OpenSearch domain.
  3. Ensure that the certificates are valid and properly configured.
  4. Review the network configuration to rule out any firewall or routing issues that may be blocking the encrypted connections.

Necessary Code:

If required, you can use the following setting, which belongs in the domain's DomainEndpointOptions, to enforce the latest TLS security policy for OpenSearch domains:

"TLSSecurityPolicy": "Policy-Min-TLS-1-2-2021-07"

Step-by-Step Guide for Remediation:

To enforce the latest TLS security policy for OpenSearch domains, follow these steps:

  1. Open the Amazon OpenSearch Service console.
  2. Select the OpenSearch domain for which you want to update the TLS security policy.
  3. Navigate to the domain settings or configuration section.
  4. Locate the "TLSSecurityPolicy" option.
  5. Update the TLSSecurityPolicy to "Policy-Min-TLS-1-2-2021-07" or the latest recommended TLS security policy.
  6. Save the changes and wait for the configuration to apply.
  7. Test the connection to ensure that the encrypted connections are now using the latest TLS security policy.

By following these steps, you can ensure that connections to your OpenSearch domains are encrypted using the latest TLS security policy recommended by AWS Foundational Security Best Practices.
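The same check and remediation can be scripted across all domains in a region. The following is an added example, not code from this page or from AWS: it assumes boto3's `opensearch` client for the live calls, uses constructed sample records, takes the required policy name from this page as a parameter default, and also flags `EnforceHTTPS` being off, which goes beyond the page's text on the assumption that the TLS policy only protects clients when HTTPS is required.

```python
REQUIRED_POLICY = "Policy-Min-TLS-1-2-2021-07"  # value given on this page

# Constructed sample records, shaped like DescribeDomain's DomainStatus
# (only the fields this check reads).
SAMPLE_DOMAINS = [
    {"DomainName": "logs-prod", "DomainEndpointOptions": {
        "EnforceHTTPS": True, "TLSSecurityPolicy": REQUIRED_POLICY}},
    {"DomainName": "search-legacy", "DomainEndpointOptions": {
        "EnforceHTTPS": True, "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"}},
    {"DomainName": "metrics-dev", "DomainEndpointOptions": {
        "EnforceHTTPS": False, "TLSSecurityPolicy": REQUIRED_POLICY}},
    {"DomainName": "no-options"},  # endpoint options missing entirely
]


def findings(domain, required=REQUIRED_POLICY):
    """Return the reasons a domain fails the rule (empty list = compliant)."""
    opts = domain.get("DomainEndpointOptions") or {}
    out = []
    if opts.get("TLSSecurityPolicy") != required:
        out.append(f"TLSSecurityPolicy={opts.get('TLSSecurityPolicy')!r}")
    if not opts.get("EnforceHTTPS"):
        out.append("EnforceHTTPS is not enabled")
    return out


def plan_updates(domains, required=REQUIRED_POLICY):
    """Build update_domain_config arguments for every failing domain."""
    return [
        {"DomainName": d["DomainName"],
         "DomainEndpointOptions": {"EnforceHTTPS": True,
                                   "TLSSecurityPolicy": required}}
        for d in domains if findings(d, required)
    ]


def fetch_domains(client):
    """Read live DomainStatus records; client is boto3.client('opensearch')."""
    names = [n["DomainName"] for n in client.list_domain_names()["DomainNames"]]
    return [client.describe_domain(DomainName=n)["DomainStatus"] for n in names]


def remediate(client, domains, apply=False):
    """Return the update plan; send it to AWS only when apply=True."""
    plan = plan_updates(domains)
    if apply:
        for kwargs in plan:
            client.update_domain_config(**kwargs)
    return plan
```

`remediate` changes nothing unless `apply=True`, so the returned plan can be reviewed first; pass `fetch_domains(client)` instead of `SAMPLE_DOMAINS` to audit a real account.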
