
Ensure AWS ElasticSearch Patches Updated

Description

Ensures that an AWS ElasticSearch instance is being kept up to date with security patches.

Rationale

Maintaining compliance with security patches is critical to ensuring that software vulnerabilities do not affect your security posture.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    elasticsearch

Default Rule

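/**
 * @param {Object} databaseSettings - database settings, including the
 *   Elasticsearch Domain Status under awsDatabaseInstance.elasticsearchDomain
 * @returns {{success: boolean}} success is true if there aren't any security
 *   patches available
 */
function validate(databaseSettings) {

    // Fails when the domain or its serviceSoftwareOptions are missing,
    // or when updateAvailable is set. Boolean() keeps success a strict
    // true/false instead of undefined or an object.
    const success = Boolean(
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.serviceSoftwareOptions &&
        !databaseSettings.awsDatabaseInstance.elasticsearchDomain.serviceSoftwareOptions.updateAvailable
    );

    return {
        success,
    };
}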

// invoke
validate(databaseSettings);
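
Added example (not part of the project's rule set): the default rule's logic beside a stricter variant, run over constructed settings objects. It shows that the default logic passes when serviceSoftwareOptions is present but updateAvailable is absent; strictRule, the reason field and the sample objects are hypothetical.

```javascript
// Added example, not the project's code. defaultRule mirrors the page's
// rule; strictRule, `reason` and the samples are hypothetical.
function defaultRule(databaseSettings) {
    const opts =
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.serviceSoftwareOptions;
    return { success: Boolean(opts && !opts.updateAvailable) };
}

// Stricter variant (assumption): pass only on an explicit `false`, and
// say why a domain failed so the finding can be triaged.
function strictRule(databaseSettings) {
    const instance = databaseSettings && databaseSettings.awsDatabaseInstance;
    const domain = instance && instance.elasticsearchDomain;
    const opts = domain && domain.serviceSoftwareOptions;
    if (!opts) {
        return { success: false, reason: 'serviceSoftwareOptions missing' };
    }
    if (typeof opts.updateAvailable !== 'boolean') {
        return { success: false, reason: 'updateAvailable not reported' };
    }
    if (opts.updateAvailable) {
        return { success: false, reason: 'service software update available' };
    }
    return { success: true, reason: 'no update pending' };
}

// Constructed sample inputs, shaped like the object the rule reads.
const wrap = (serviceSoftwareOptions) => ({
    awsDatabaseInstance: { elasticsearchDomain: { serviceSoftwareOptions } },
});
const samples = {
    patched: wrap({ updateAvailable: false }),
    pending: wrap({ updateAvailable: true }),
    fieldAbsent: wrap({}), // options present, flag missing
    noOptions: { awsDatabaseInstance: { elasticsearchDomain: {} } },
    noDomain: { awsDatabaseInstance: {} },
};

// Evaluate every sample with both rules and return the verdicts by name.
function compare() {
    return Object.fromEntries(Object.entries(samples).map(([name, s]) =>
        [name, { default: defaultRule(s).success, strict: strictRule(s).success }]));
}

console.table(compare());
```

The two rules disagree only on the fieldAbsent sample, where the default logic reports success and the strict variant does not.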