Skip to content

Ensure that the domain has access policy set


The policies allow to control the access to your AWS Elasticsearch domains.


AWS Elasticsearch supports three types of access policies: - Resource-based Policies: specify which actions a principal can perform on the domain's subresources.

  • Identity-based Policies: specify who can access a service, which actions they can perform, and if applicable, the resources on which they can perform those actions.

  • IP-based Policies: restrict access to a domain to one or more IP addresses or CIDR blocks.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service elasticsearch

Default Rule

 * @param {Object} awsElasticsearchDomainStatus - Elasticsearch Domain Status
 * @returns {boolean} true if at least one access policy is set
function validate(databaseSettings) {

    const success =
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain &&

    return {

// invoke