Triage and Remediation
Remediation
Using Console
To remediate the ElasticSearch domain misconfiguration in AWS, follow these steps:
- Open the AWS Management Console and navigate to the Amazon ElasticSearch Service.
- Select the ElasticSearch domain that you want to remediate.
- Click on the “Modify” button in the “Actions” dropdown menu.
- Scroll down to the “Network Configuration” section.
- Under the “VPC Options” tab, enable the “VPC Access” option.
- Select the VPC that you want to use for private access to your ElasticSearch domain.
- Choose the subnets that you want to use for private access to your ElasticSearch domain.
- Select the security groups that you want to use for private access to your ElasticSearch domain.
- Click on the “Save Changes” button to apply the changes.
- Verify that the ElasticSearch domain is now using private VPC endpoints by checking the “Endpoint” section in the domain details page. The endpoint should now show as a private IP address.
Using CLI
To remediate the "ElasticSearch domains should be launched with private VPC endpoints" finding in AWS using the AWS CLI, follow these steps:
- Open the AWS CLI on your computer.
- Run the following command to create a new VPC endpoint for ElasticSearch:
  Replace <vpc-id> with the ID of the VPC that contains your ElasticSearch domain. Replace <region> with the region where your ElasticSearch domain is located. Replace <route-table-id> with the ID of the route table that is associated with your subnet. Replace <subnet-id> with the ID of the subnet that contains your ElasticSearch domain. Replace <security-group-id> with the ID of the security group that is associated with your ElasticSearch domain.
- Run the following command to modify your ElasticSearch domain to use the VPC endpoint:
  Replace <domain-name> with the name of your ElasticSearch domain. Replace <subnet-id> with the ID of the subnet that contains your ElasticSearch domain. Replace <security-group-id> with the ID of the security group that is associated with your ElasticSearch domain.
- Verify that your ElasticSearch domain is now using the VPC endpoint by running the following command:
  This command should return a JSON object that includes the VPC endpoint information.
- Repeat these steps for each ElasticSearch domain that you want to remediate.
Using Python
To remediate this misconfiguration in AWS using Python, follow the steps below:
- Install the AWS SDK for Python (Boto3) using the following command:
- Create an EC2 client using the following code:
- Get the VPC ID of the VPC where the ElasticSearch domain is launched using the following code:
  Replace <VPC_NAME> with the name of the VPC where the ElasticSearch domain is launched.
- Create a VPC endpoint for ElasticSearch using the following code:
  Replace <REGION> with the AWS region where the ElasticSearch domain is launched, <SECURITY_GROUP_ID> with the ID of the security group that allows traffic to the ElasticSearch domain, and <SUBNET_ID> with the ID of the subnet where the ElasticSearch domain is launched.
- Update the ElasticSearch domain to use the VPC endpoint by setting the VPCOptions parameter using the following code:
  Replace <DOMAIN_NAME> with the name of the ElasticSearch domain, <INSTANCE_TYPE> with the desired instance type for the ElasticSearch cluster, <SUBNET_ID> with the ID of the subnet where the ElasticSearch domain is launched, and <SECURITY_GROUP_ID> with the ID of the security group that allows traffic to the ElasticSearch domain.
- Verify that the ElasticSearch domain is now using the VPC endpoint by checking the VPCOptions parameter using the following code:
  Replace <DOMAIN_NAME> with the name of the ElasticSearch domain.
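The verification in the last step can be scripted across all domains in a region. The following is an added example, not code from the original page: it reads the VPCOptions, Endpoint and Endpoints fields of each domain status returned by Boto3's describe_elasticsearch_domains and reports whether the domain is private. SAMPLE_STATUSES and every name and ID in it are constructed, and classify_domain and audit_region are hypothetical helper names.

```python
# Added example: audit Elasticsearch domains for VPC-only access.
# SAMPLE_STATUSES is constructed data in the shape of DomainStatus objects.

SAMPLE_STATUSES = [
    {"DomainName": "logs-public", "Processing": False,
     "Endpoint": "search-logs-public-example.us-east-1.es.amazonaws.com"},
    {"DomainName": "logs-vpc", "Processing": False,
     "Endpoints": {"vpc": "vpc-logs-vpc-example.us-east-1.es.amazonaws.com"},
     "VPCOptions": {"VPCId": "vpc-0example", "SubnetIds": ["subnet-0example"],
                    "SecurityGroupIds": ["sg-0example"]}},
    {"DomainName": "logs-pending", "Processing": True,
     "VPCOptions": {"VPCId": "vpc-0example", "SubnetIds": ["subnet-0example"],
                    "SecurityGroupIds": ["sg-0example"]}},
]


def classify_domain(status):
    """Return (verdict, reasons) for one DomainStatus dict."""
    reasons = []
    vpc = status.get("VPCOptions") or {}
    if not vpc.get("VPCId"):
        reasons.append("VPCOptions.VPCId is not set")
    if status.get("Endpoint"):
        reasons.append("public Endpoint present: " + status["Endpoint"])
    if "vpc" not in (status.get("Endpoints") or {}):
        reasons.append("Endpoints has no 'vpc' entry")
    if not reasons:
        return "PRIVATE", reasons
    # A configuration change still in progress may not expose its endpoint yet.
    if status.get("Processing") and vpc.get("VPCId") and not status.get("Endpoint"):
        return "PENDING", reasons
    return "NOT_PRIVATE", reasons


def audit_region(region):
    """Classify every domain in a region (needs Boto3 and AWS credentials)."""
    import boto3  # imported here so the offline sample runs without the SDK
    es = boto3.client("es", region_name=region)
    names = [d["DomainName"] for d in es.list_domain_names()["DomainNames"]]
    results = {}
    for i in range(0, len(names), 5):  # the describe call takes at most 5 names
        page = es.describe_elasticsearch_domains(DomainNames=names[i:i + 5])
        for status in page["DomainStatusList"]:
            results[status["DomainName"]] = classify_domain(status)
    return results


if __name__ == "__main__":
    for s in SAMPLE_STATUSES:
        print(s["DomainName"], *classify_domain(s))
```

A PENDING verdict means the domain is still applying a configuration change and should be checked again once Processing is false.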