Elasticsearch HTTPS Enforcement Not Configured

Tenacity Id

Risk Level




Last Updated:

April 21, 2022

An Amazon Elasticsearch domain is configured with "Require HTTPS for all traffic to the domain" disabled. HTTPS facilitates secure communication for all traffic to Elasticsearch. When disabled, all traffic is transmitted in plain text and sensitive data could be intercepted by an unintended recipient. Elasticsearch domains should have HTTPS requirements enabled for all communication.