Ensure that all your Elasticsearch Service (ES) clusters are configured to allow access only to trusted AWS users and accounts, in order to protect against unauthorized cross-account access. Before the Cloud Conformity engine runs this rule, you need to provide the trusted account identifiers as a comma-separated list of valid AWS account IDs (e.g. 123456789012), AWS account ARNs (e.g. arn:aws:iam::123456789012:root) or IAM user ARNs (e.g. arn:aws:iam::123456789012:user/elasticsearch-manager).
Allowing untrusted cross-account access to your AWS ES clusters can lead to unauthorized actions such as uploading, downloading and deleting documents without permission. To prevent data leaks and data loss, restrict access to the trusted entities only by implementing the appropriate domain access policies.
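The check this rule performs, as an added example that is not Cloud Conformity's own code: it reads an ES domain access policy document and reports every principal granted Allow that is not covered by the trusted-entity list described above. The trusted list and the policy are constructed samples; an account ID or root ARN is assumed to cover the whole account, a user ARN only that user.

```python
import json

# Constructed trusted-entity list, in the three forms the rule accepts:
# an account ID, an account root ARN, and an IAM user ARN.
TRUSTED_ENTITIES = [
    "123456789012",
    "arn:aws:iam::111122223333:root",
    "arn:aws:iam::444455556666:user/elasticsearch-manager",
]

# Constructed sample of the JSON access policy attached to an ES domain:
# one statement is fine, one grants an untrusted account, one is a wildcard.
SAMPLE_ACCESS_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "es:*",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Resource": "arn:aws:es:us-east-1:123456789012:domain/demo/*"},
        {"Effect": "Allow", "Action": "es:ESHttp*",
         "Principal": {"AWS": ["123456789012", "arn:aws:iam::999999999999:user/contractor"]},
         "Resource": "arn:aws:es:us-east-1:123456789012:domain/demo/*"},
        {"Effect": "Allow", "Action": "es:ESHttpGet", "Principal": {"AWS": "*"},
         "Resource": "arn:aws:es:us-east-1:123456789012:domain/demo/*"},
    ],
})

def account_of(principal):
    """Return the 12-digit account ID behind a principal ('*' stays '*')."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def allow_principals(statement):
    """Return the AWS principals an Allow statement grants; other effects yield none."""
    if statement.get("Effect") != "Allow":
        return []
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return [aws] if isinstance(aws, str) else list(aws)

def untrusted_principals(policy_json, trusted):
    """List principals granted Allow that the trusted list does not cover.

    A wildcard is never trusted. Conditions (e.g. IpAddress) are deliberately
    not evaluated: an IP-restricted wildcard still needs a human review.
    """
    trusted_accounts = {account_of(t) for t in trusted if ":user/" not in t}
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    flagged = []
    for stmt in statements:
        for p in allow_principals(stmt):
            if p == "*" or (p not in trusted and account_of(p) not in trusted_accounts):
                flagged.append(p)
    return flagged
```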
To determine if there are any AWS ES domains (clusters) that allow unknown cross-account access, perform the following:
To update your Amazon Elasticsearch Service cluster permissions so that cross-account access is allowed only from trusted entities, perform the following: