Triage and Remediation
Remediation
Using Console
To enable Audit Logging on an AWS OpenSearch domain where it is currently disabled, follow these steps in the AWS Management Console:
- Navigate to the Amazon OpenSearch Service Console: Go to the AWS Management Console and search for “OpenSearch Service” in the services search bar. Click on the service to open the Amazon OpenSearch Service Console.
- Select the Domain: From the list of domains, select the domain for which you want to enable Audit Logging.
- Enable Audit Logging: In the domain dashboard, click on the “Configure access and security” tab in the left-hand navigation menu.
- Edit the Advanced Security Settings: Under the “Advanced security settings” section, click on the “Edit” button.
- Enable Audit Logs: Scroll down to the “Logging” section and toggle the switch to enable “Log publishing” for audit logs.
- Configure Log Publishing: Configure the destination for the audit logs. You can choose to send logs to Amazon CloudWatch Logs, Amazon S3, or both.
- Save Changes: Click on the “Save” button to apply the changes and enable Audit Logging for the OpenSearch domain.
- Verify Audit Logging: To verify that Audit Logging is enabled, you can check the status in the domain dashboard or navigate to the chosen destination (CloudWatch Logs or S3) to ensure that the audit logs are being published successfully.
Using CLI
To enable audit logging for AWS OpenSearch using the AWS CLI, follow these steps:
- Enable Audit Logging: Use the following AWS CLI command to enable audit logging for your AWS OpenSearch domain:
  Replace <your-domain-name> with the name of your AWS OpenSearch domain.
- Verify Audit Logging: After running the command, verify that audit logging is enabled for your AWS OpenSearch domain by checking the domain configuration settings:
  Ensure that the AuditLogEnabled parameter is set to true in the output.
- Monitor Audit Logs: Once audit logging is enabled, monitor the audit logs to ensure that all relevant activities are being logged appropriately. You can access the audit logs through the AWS Management Console or by using the AWS CLI.
Using Python
To enable Audit Logging for AWS OpenSearch using Python, follow these steps:
Step 1: Install the boto3 library.
Step 2: Use the following Python script to enable Audit Logging for AWS OpenSearch:
Step 3: Replace 'your-domain-name' with the actual name of your OpenSearch domain in the script.
Step 4: Replace 'arn:aws:iam::123456789012:role/OpenSearch-Audit-Role' with the ARN of the IAM role that should have permission to write audit logs.
Step 5: Run the Python script. This will enable Audit Logging for the specified OpenSearch domain.
After following these steps, Audit Logging should be successfully enabled for your AWS OpenSearch domain.
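One way to write the Python steps with boto3, as an added example rather than the page's original script: it reads the domain with describe_domain and calls update_domain_config only when AUDIT_LOGS publishing is off. The domain name, account ID and log group ARN are placeholders; the LogPublishingOptions API takes a CloudWatch Logs log group ARN as the destination.

```python
# Added example (not the page's own script). Assumes boto3 credentials and a
# CloudWatch Logs log group ARN; all names and ARNs below are placeholders.

def audit_log_options(log_group_arn):
    """Build the LogPublishingOptions payload that turns on AUDIT_LOGS."""
    if not log_group_arn.startswith("arn:aws:logs:"):
        raise ValueError("expected a CloudWatch Logs log group ARN")
    return {"AUDIT_LOGS": {"CloudWatchLogsLogGroupArn": log_group_arn,
                           "Enabled": True}}

def audit_logging_enabled(domain_status):
    """True if a DomainStatus dict (describe_domain) publishes audit logs."""
    opts = domain_status.get("LogPublishingOptions", {}).get("AUDIT_LOGS", {})
    return bool(opts.get("Enabled") and opts.get("CloudWatchLogsLogGroupArn"))

def enable_audit_logging(domain_name, log_group_arn, client=None):
    """Enable audit log publishing unless already on; return the action taken."""
    if client is None:
        import boto3  # imported lazily so the helpers above work offline
        client = boto3.client("opensearch")
    status = client.describe_domain(DomainName=domain_name)["DomainStatus"]
    if audit_logging_enabled(status):
        return "already-enabled"
    # Audit logs depend on fine-grained access control being enabled.
    if not status.get("AdvancedSecurityOptions", {}).get("Enabled"):
        raise RuntimeError("enable fine-grained access control first")
    client.update_domain_config(
        DomainName=domain_name,
        LogPublishingOptions=audit_log_options(log_group_arn),
    )
    return "update-requested"

# Constructed sample of a describe_domain "DomainStatus" with audit logs off.
SAMPLE_STATUS = {
    "DomainName": "your-domain-name",
    "AdvancedSecurityOptions": {"Enabled": True},
    "LogPublishingOptions": {},
}

if __name__ == "__main__":
    print(audit_logging_enabled(SAMPLE_STATUS))
    print(audit_log_options(
        "arn:aws:logs:us-east-1:123456789012:log-group:/example/opensearch/audit"))
```

After the domain update completes, audit logging also has to be switched on in OpenSearch Dashboards (Security, Audit logs) before events reach the log group.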