Ensure OpenSearch Service Domain AdvancedSecurityOptions are enabled

Security & Compliance
No items found.

OpenSearch Service Domain AdvancedSecurityOptions provides security features such as node-to-node encryption, encryption of data at rest, and fine-grained access control for OpenSearch clusters. Ensuring that the AdvancedSecurityOptions are enabled can help protect sensitive data and prevent unauthorized access to the OpenSearch cluster.


To ensure that OpenSearch Service Domain AdvancedSecurityOptions are enabled, follow these remediation steps:

  1. Open the Amazon OpenSearch Service console.
  2. Navigate to the OpenSearch Service Domain for which you want to enable AdvancedSecurityOptions.
  3. Click the "Edit" button in the "Advanced security options" section.
  4. Enable the "Enable advanced security" option.
  5. Configure the authentication and authorization options as per your requirements.
  6. Click the "Save changes" button to save the configuration.

Note: AdvancedSecurityOptions requires a subscription to the OpenSearch Service beyond the free tier.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.