Ensure that the domain has access policy set

Description

Access policies let you control access to your AWS Elasticsearch domains.

Rationale

AWS Elasticsearch supports three types of access policies:

  • Resource-based Policies: specify which actions a principal can perform on the domain's subresources.

  • Identity-based Policies: specify who can access a service, which actions they can perform, and if applicable, the resources on which they can perform those actions.

  • IP-based Policies: restrict access to a domain to one or more IP addresses or CIDR blocks.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     elasticsearch

Default Rule

/**
 * @param {Object} databaseSettings - database settings holding the Elasticsearch Domain Status
 * @returns {{success: boolean}} success is true if at least one access policy is set
 */
function validate(databaseSettings) {

    // Coerce to a strict boolean so a missing instance or domain yields false, not undefined
    const success = !!(
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.accessPolicies
    );

    return {
        success,
    };
}

// invoke
validate(databaseSettings);
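
The default rule passes as soon as any policy is present, including one that allows every principal. The following stricter variant is an added example, not the product's own rule, and goes beyond the default check: it parses the policy and fails when an Allow statement matches any principal without an IP-based restriction. The names `validateStrict`, `isAnyPrincipal`, `isIpRestricted` and the `reason` field are hypothetical, and it assumes `accessPolicies` holds the IAM policy document as a JSON string or parsed object and counts only `aws:SourceIp` as a restriction.

```javascript
// Added example, not the product's default rule.
// Assumption: accessPolicies is the IAM policy document, as a JSON string or a parsed object.
const toArray = (v) => (v === undefined || v === null ? [] : Array.isArray(v) ? v : [v]);

// Principal "*" or {"AWS": "*"} matches every caller, signed or not.
function isAnyPrincipal(principal) {
    if (principal === '*') return true;
    return !!principal && typeof principal === 'object' && toArray(principal.AWS).includes('*');
}

// IP-based policy: an IpAddress condition on aws:SourceIp that is not 0.0.0.0/0.
function isIpRestricted(statement) {
    const ipAddress = (statement.Condition || {}).IpAddress || {};
    const key = Object.keys(ipAddress).find((k) => k.toLowerCase() === 'aws:sourceip');
    const cidrs = key ? toArray(ipAddress[key]) : [];
    return cidrs.length > 0 && !cidrs.includes('0.0.0.0/0');
}

function validateStrict(databaseSettings) {
    const instance = databaseSettings && databaseSettings.awsDatabaseInstance;
    const domain = instance && instance.elasticsearchDomain;
    const raw = domain && domain.accessPolicies;
    if (!raw) return { success: false, reason: 'no access policy set' };

    let policy;
    try {
        policy = typeof raw === 'string' ? JSON.parse(raw) : raw;
    } catch (err) {
        return { success: false, reason: 'access policy is not valid JSON' };
    }
    if (!policy || typeof policy !== 'object') {
        return { success: false, reason: 'access policy is not a policy document' };
    }

    // Statements that allow any principal and carry no usable IP restriction.
    const open = toArray(policy.Statement).filter((s) =>
        s && s.Effect === 'Allow' && isAnyPrincipal(s.Principal) && !isIpRestricted(s));
    return open.length === 0
        ? { success: true, reason: 'ok' }
        : { success: false, reason: `${open.length} statement(s) allow any principal with no IP restriction` };
}

// Constructed sample: a policy is set, so the default rule passes, but it is open to everyone.
const openDomain = { awsDatabaseInstance: { elasticsearchDomain: { accessPolicies: JSON.stringify({
    Version: '2012-10-17',
    Statement: [{ Effect: 'Allow', Principal: { AWS: '*' }, Action: 'es:*', Resource: '*' }],
}) } } };
console.log(validateStrict(openDomain));
```
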