Showing results for 
Search instead for 
Did you mean: 
Create a Post

New CloudGuard Dome9 Compliance Entity: AWS ElasticSearchDomain

Dome9 now supports AWS ElasticSearchDomain as an entity in the Compliance Engine.

AWS ElasticSearch is a fully managed ElasticSearch service. The new entity allows to reason on different aspects of the search domains, such as encryption state, access policies, logging and various deployment and backup configurations.

GSL Examples:

  • Make sure the data is encrypted at rest:
    ElasticSearchDomain should have encryptionAtRestOptions.enabled = true
  • Make sure the data is encrypted in transit:
    ElasticSearchDomain should have nodeToNodeEncryptionOptions.enabled = false
  • Enforce creation of ElasticSearch instances in VPCs:
    ElasticSearchDomain should have vpc
Offir Zigelman, Dome9 Product Team Lead
0 Kudos