Enable Node-to-Node Encryption for OpenSearch Domains
Ensures that data transmitted between nodes in OpenSearch domains is encrypted, preventing data interception and manipulation.
| Rule | OpenSearch domains should encrypt data sent between nodes |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
OpenSearch domains should encrypt data sent between nodes for AWS Foundational Security Best Practices. Encrypting data in transit helps to protect sensitive information and ensure the security of your OpenSearch domain.
Troubleshooting Steps:
- 1.Check the configuration settings of your OpenSearch domain to ensure that encryption in transit is enabled.
- 2.Verify if there are any errors or warnings related to encryption in the logs or monitoring dashboards.
- 3.Ensure that the appropriate security policies and permissions are applied to support encryption in transit.
Necessary Codes:
There are no specific codes required for this rule.
Remediation Steps:
- 1.Login to your AWS Management Console.
- 2.Navigate to the OpenSearch service.
- 3.Select your OpenSearch domain that needs to have data encryption enabled.
- 4.Click on the "Modify domain" option.
- 5.Scroll down to the "Security" section.
- 6.Enable the "Encrypt data in transit" option.
- 7.Save the changes.
- 8.Monitor the domain to ensure that encryption in transit is successfully enabled.
By following these steps, you can ensure that data sent between nodes in your OpenSearch domain is encrypted, aligning with AWS Foundational Security Best Practices.