04 - Elasticsearch Encrypted at Rest

Ensure Elasticsearch is enforcing encryption at rest

When running AWS ES clusters, all data should be encrypted at rest. For this reason it is considered a security best practice to enforce HTTPS to be required on the Elasticsearch cluster. Ensuring this will help you with NIST, HIPPA and GDPR compliance.

Audit & Remediation

Login into your AWS account
Navigate to the Elasticsearch service at: https://console.aws.amazon.com/es

Select each Elasticsearch cluster and on the main tab look to validate the encryption settings.

If Encryption at rest is currently set to Disabled, you will want to select the Actions button at the top of this screen and select Modify encryptions.

Select the Enable encryption of data at rest.

In order to change this feature you will be required to do a manual snapshot of the Elasticsearch domain and restore a to a new Elasticsearch domain.
Follow directions located here in order to perform the recreation fo the Elasticsearch domain. https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-managedomains-snapshots.html
Repeat all steps for each Elasticsearch cluster that you have.
Repeat all steps for each region.

See all of your AWS EC2 Instances in a single place!

Do you want to see all of your AWS EC2 Instances in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.