Pattern: Disabled domain encryption for AWS Elasticsearch
Issue: -
You should ensure your Elasticsearch data is encrypted at rest to help prevent sensitive information from being read by unauthorized users.
Resolution: Enable Elasticsearch domain encryption.
The following example will fail the aws-elastic-search-enable-domain-encryption check.
resource "aws_elasticsearch_domain" "bad_example" {
domain_name = "domain-foo"
encrypt_at_rest {
enabled = false
}
}
The following example will pass the aws-elastic-search-enable-domain-encryption check.
resource "aws_elasticsearch_domain" "good_example" {
domain_name = "domain-foo"
encrypt_at_rest {
enabled = true
}
}