Elasticsearch Domains Publicly Available

Tenacity Id

Risk Level

Categories

elasticsearch-002

3

Last Updated:

April 21, 2022

An Amazon Elasticsearch domain is publicly accessible. An Elasticsearch domain configured for Public Access allows internet hosts to connect to it, potentially exposing data to malicious software or attackers. Unless strictly required, Elasticsearch domains should be configured for VPC Access instead of Public Access and deployed in a private VPC.