
Elasticsearch domain uses plaintext traffic for node to node communication.

Explanation

Traffic flowing between Elasticsearch nodes should be encrypted to ensure sensitive data is kept private.

Insecure Example

The following example will fail the AWS032 check.

resource "aws_elasticsearch_domain" "my_elasticsearch_domain" {
  domain_name = "domain-foo"

  node_to_node_encryption {
    enabled = false
  }
}

Secure Example

The following example will pass the AWS032 check.

resource "aws_elasticsearch_domain" "my_elasticsearch_domain" {
  domain_name = "domain-foo"

  node_to_node_encryption {
    enabled = true
  }
}