Ensure AWS Elasticsearch Endpoint Using TLS


Configure your domains to require that all traffic be submitted over HTTPS so that you can ensure that communications between your clients and your domain are encrypted. You can also configure the minimum required TLS version to accept.

This option is a useful additional security control to ensure your clients are not misconfigured.


Requiring HTTPS for all communication with an Elasticsearch domain decreases the chance that data is compromised through misconfigured clients or compromised client machines.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     elasticsearch

Default Rule

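/**
 * @param {Object} databaseSettings - Database settings, including the Elasticsearch Domain Status
 * @returns {Object} result whose success field is true if TLS at endpoint is enabled
 */
function validate(databaseSettings) {

    const success =
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.domainEndpointOptions &&
        // Assumption: the listing is cut off here; enforceHTTPS mirrors the AWS EnforceHTTPS flag.
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.domainEndpointOptions.enforceHTTPS;

    return {
        // Assumption: the original return object is truncated; only the success flag is shown.
        success: Boolean(success)
    };
}

// invoke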
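
The same check applied to the raw AWS response, as an added example that is not the rule engine's own code: it reads DomainEndpointOptions from a DescribeElasticsearchDomain-style DomainStatus object and also checks the minimum TLS policy. The sample domains are constructed, auditEndpointTls and auditAll are hypothetical names, and treating TLS 1.2 as the floor is an assumption.

```javascript
// Added example: field names follow the AWS DescribeElasticsearchDomain
// response (DomainStatus.DomainEndpointOptions), not the rule engine's schema.

// TLS policies accepted here (assumption: TLS 1.2 is the required minimum).
const ACCEPTED_TLS_POLICIES = new Set([
    'Policy-Min-TLS-1-2-2019-07',
    'Policy-Min-TLS-1-2-PFS-2023-10',
]);

/**
 * @param {Object} domainStatus - DomainStatus object for one domain
 * @returns {{domain: string, compliant: boolean, findings: string[]}}
 */
function auditEndpointTls(domainStatus) {
    const findings = [];
    const options = (domainStatus && domainStatus.DomainEndpointOptions) || {};

    // A missing options block or missing flag counts as "HTTPS not enforced".
    if (options.EnforceHTTPS !== true) {
        findings.push('EnforceHTTPS is not enabled; plain HTTP requests are accepted');
    }
    // Checked separately: HTTPS can be enforced while TLS 1.0 is still accepted.
    if (!ACCEPTED_TLS_POLICIES.has(options.TLSSecurityPolicy)) {
        findings.push(`TLSSecurityPolicy is ${options.TLSSecurityPolicy || 'unset'}; expected a TLS 1.2 minimum`);
    }
    return {
        domain: (domainStatus && domainStatus.DomainName) || '(unknown)',
        compliant: findings.length === 0,
        findings,
    };
}

// Constructed sample input, not captured from a real account.
const sampleDomains = [
    { DomainName: 'logs-prod', DomainEndpointOptions: { EnforceHTTPS: true, TLSSecurityPolicy: 'Policy-Min-TLS-1-2-2019-07' } },
    { DomainName: 'logs-legacy', DomainEndpointOptions: { EnforceHTTPS: true, TLSSecurityPolicy: 'Policy-Min-TLS-1-0-2019-07' } },
    { DomainName: 'search-dev', DomainEndpointOptions: { EnforceHTTPS: false, TLSSecurityPolicy: 'Policy-Min-TLS-1-0-2019-07' } },
    { DomainName: 'metrics-old' }, // no DomainEndpointOptions at all
];

function auditAll(domains) {
    return domains.map(auditEndpointTls);
}

for (const result of auditAll(sampleDomains)) {
    console.log(result.domain, result.compliant ? 'PASS' : 'FAIL', result.findings.join('; '));
}
```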