Skip to main content

Elasticsearch data should be encrypted at rest

  • GG_ID: GG_IAC_0047
  • Severity: HIGH
  • Complexity: LOW
  • Categories: DATA, PERMISSION
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description#

Amazon Elasticsearch is a fully open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analysis.

The data should be encrypted at rest to protect the data if accesses are compromised.

Impact#

Not encrypting data at rest could lead to data leak in case of an attack.

Remediation guidelines#

Enable at-rest encryption for Elaticsearch. Enabling encryption in place for an existing, unencrypted domain requires Elasticsearch version 6.7 or higher. For lower versions, the domain will be recreated, potentially leading to data loss. Enabling encryption on new domains requires Elasticsearch version 5.1 or higher.

External documentation#