Ensure that access to your Elasticsearch Service (ES) domains is allowed from whitelisted IP addresses only, in order to protect them against unauthorized access. Before the Cloud Conformity engine runs this rule, you need to specify the IP addresses that you want to whitelist in the rule settings available on the Cloud Conformity console. The IPs must be valid IPv4 addresses (e.g. 188.8.131.52/32), IP address ranges (e.g. 184.108.40.206/24) or CIDR blocks (e.g. 172.31.0.0/16).
Using ES IP-based access policies allows only specific IP addresses or IP address ranges to access your Elasticsearch domain endpoints, acting as a firewall that prevents incoming anonymous or unauthorized requests from reaching your ES clusters.
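The following Python check is an added example, not Cloud Conformity's own rule logic. It audits an ES domain access policy document and reports every anonymous `Allow` statement that either has no `aws:SourceIp` condition or admits an address outside the whitelist. The function names, the sample policy, the account ID and the domain name are constructed for illustration.

```python
import ipaddress
import json

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    # "*" or {"AWS": "*"} means any caller.
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def source_ips(statement):
    # Values of aws:SourceIp under the IpAddress operator (names compared case-insensitively).
    ips = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() == "ipaddress":
            for key, value in keys.items():
                if key.lower() == "aws:sourceip":
                    ips.extend(as_list(value))
    return ips

def audit_policy(policy_json, whitelist):
    """Return findings for anonymous Allow statements; an empty list means compliant."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in whitelist]
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        ips = source_ips(stmt)
        if not ips:
            findings.append(f"statement {i}: anonymous access without aws:SourceIp")
        for ip in ips:
            net = ipaddress.ip_network(ip, strict=False)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"statement {i}: {ip} is outside the whitelist")
    return findings

def sample_policy(condition=None):
    # Constructed sample: placeholder account ID and domain name.
    stmt = {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*",
            "Resource": "arn:aws:es:us-east-1:111122223333:domain/example/*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    print(audit_policy(sample_policy(), ["192.0.2.0/24"]))
```

The policy text of a real domain can be passed to `audit_policy` in place of the constructed sample, together with the same whitelist configured in the rule settings.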
To determine if your Elasticsearch domains are using IP-based access policies, perform the following:
To implement an IP-based access policy for your Amazon Elasticsearch domains, perform the following: