Elasticsearch: Ensure Cross Node Encryption Enabled

Description

Configure your domains to require that all traffic between nodes uses TLS, so that your data cannot be compromised from inside your cluster.

Rationale

Enable node-to-node encryption to protect data exchanged between your Amazon Elasticsearch nodes from being intercepted by unauthorized parties.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       Value
secureclouddb/provider    aws
secureclouddb/service     elasticsearch

Default Rule

/**
 * @param {Object} databaseSettings - database settings; the Elasticsearch
 *   domain status is read from databaseSettings.awsDatabaseInstance.elasticsearchDomain
 * @returns {{success: boolean}} success is true if the node-to-node encryption feature is enabled
 */
function validate(databaseSettings) {

    // Each && guard stops the chain at the first missing level, so a domain
    // without nodeToNodeEncryptionOptions fails the rule instead of throwing.
    // Boolean() normalises the chain result (undefined, or an object when a
    // level is missing) to the boolean the rule is documented to return.
    const success = Boolean(
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.nodeToNodeEncryptionOptions &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.nodeToNodeEncryptionOptions.enabled
    );

    return {
        success,
    };
}

// invoke with the databaseSettings object the rule receives at evaluation time
validate(databaseSettings);
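The following is an added example, not SecureCloudDB's own rule code. It runs the same node-to-node encryption check over a batch of domain-status objects, reports why each non-compliant domain fails, and covers the two edge cases a reviewer of this rule would ask about: a domain whose status carries no nodeToNodeEncryptionOptions at all, and an enabled flag that is present but not the boolean true. The object shape mirrors the rule above; the domain names and settings are constructed sample input, not real AWS output.

```javascript
// Added example (not SecureCloudDB's rule code): evaluate the node-to-node
// encryption requirement across several constructed domain-status objects.

function nodeToNodeEncryptionEnabled(databaseSettings) {
    // Optional chaining stops at the first missing level instead of throwing,
    // and the strict comparison only accepts a real boolean true, so a string
    // such as "false" (truthy in JavaScript) is never mistaken for "enabled".
    return databaseSettings?.awsDatabaseInstance?.elasticsearchDomain
        ?.nodeToNodeEncryptionOptions?.enabled === true;
}

function explainFailure(databaseSettings) {
    const domain = databaseSettings?.awsDatabaseInstance?.elasticsearchDomain;
    if (!domain) {
        return 'no elasticsearchDomain in settings';
    }
    const options = domain.nodeToNodeEncryptionOptions;
    if (!options) {
        return 'nodeToNodeEncryptionOptions absent';
    }
    if (options.enabled !== true) {
        return `enabled is ${JSON.stringify(options.enabled)}, expected true`;
    }
    return null; // compliant
}

function evaluateDomains(domains) {
    return domains.map(({ name, settings }) => ({
        name,
        success: nodeToNodeEncryptionEnabled(settings),
        reason: explainFailure(settings),
    }));
}

function summarize(results) {
    const nonCompliant = results.filter((r) => !r.success).map((r) => r.name);
    return {
        total: results.length,
        compliant: results.length - nonCompliant.length,
        nonCompliant,
    };
}

// Helper to build a settings object in the shape the rule reads.
function settingsWithOptions(nodeToNodeEncryptionOptions) {
    return { awsDatabaseInstance: { elasticsearchDomain: { nodeToNodeEncryptionOptions } } };
}

// Constructed sample input; names and values are illustrative only.
const SAMPLE_DOMAINS = [
    { name: 'prod-logs', settings: settingsWithOptions({ enabled: true }) },
    { name: 'legacy-search', settings: { awsDatabaseInstance: { elasticsearchDomain: {} } } },
    { name: 'dev-index', settings: settingsWithOptions({ enabled: false }) },
    { name: 'misconfigured-export', settings: settingsWithOptions({ enabled: 'false' }) },
    { name: 'empty-settings', settings: {} },
];

if (typeof require !== 'undefined' && require.main === module) {
    const results = evaluateDomains(SAMPLE_DOMAINS);
    for (const r of results) {
        console.log(`${r.name}: ${r.success ? 'PASS' : 'FAIL'}${r.reason ? ' - ' + r.reason : ''}`);
    }
    console.log(summarize(results));
}
```

The strict `=== true` comparison is a deliberate hardening over a plain truthiness check: a truthiness test would pass the 'misconfigured-export' domain above, whose flag is the string "false", whereas the strict check fails it and the reason string shows the operator exactly what value was found.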