Description

Compared to OpenSearch domains that utilize public endpoints, AWS OpenSearch domains located within a VPC provide an additional layer of security. By launching an Amazon OpenSearch cluster within an AWS VPC, secure communication between the OpenSearch cluster (domain) and other AWS services can be established without the requirement of an Internet Gateway, NAT device, or VPN connection, ensuring all traffic stays secure within the AWS Cloud. To enhance the flexibility and control over the cluster's access and security, it is recommended to restrict access to your Amazon OpenSearch domains (clusters) exclusively to AWS VPCs. This feature enables you to keep all traffic between your VPC and OpenSearch domains within the AWS network, as opposed to transmitting it through the public Internet.

Remediation

To ensure that your OpenSearch domains are in a VPC, you can take the following remediation steps:

  1. Create an AWS VPC and configure it to meet your specific requirements, such as the IP address range, subnets, and route tables.
  2. Launch an OpenSearch domain within the VPC by selecting the VPC and subnet(s) during the domain creation process.
  3. Configure the OpenSearch domain to use private IP addresses within the VPC, instead of public IP addresses.
  4. Ensure that the security group(s) associated with the OpenSearch domain are configured to allow traffic from within the VPC only.
  5. If needed, configure VPC endpoints for other AWS services that your OpenSearch domain needs to access, such as Amazon S3 or Amazon CloudWatch.
  6. Monitor the performance and security of your OpenSearch domain and VPC to ensure that they are functioning as expected. You can use the OpenSearch console or APIs to view the logs and metrics.

By following these remediation steps, you can ensure that your OpenSearch domains are located within an AWS VPC and accessible only from within the VPC, thereby increasing the security of your data and reducing the risk of unauthorized access.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.