Description

Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch, a popular open-source search and analytics engine. Amazon ES also offers security options, high availability, data durability, and direct access to the Elasticsearch API.


Rationale:

Elasticsearch Service domains should not allow open access. A domain whose access policy grants permissions to the wildcard principal (`*`) with no restricting condition is reachable by anyone on the internet who knows the endpoint, without authentication, so the indexed data can be read, modified, or deleted by unknown parties. Access should be limited to specific IAM principals or source IP ranges, and domain activity should be logged so that access can be reviewed.


Remediation: 

Enabling log publishing (console): the Amazon ES console is the simplest way to enable publishing of domain logs to CloudWatch Logs. Publishing logs gives visibility into domain activity; it does not by itself restrict who can reach the domain, which is governed by the domain access policy (see the first reference). To enable log publishing to CloudWatch (console):


  1. Go to https://aws.amazon.com, and then choose Sign In to the Console.
  2. Under Analytics, choose Elasticsearch Service.
  3. In the navigation pane, under My domains, choose the domain that you want to update.
  4. On the Logs tab, choose Enable for the log that you want.
  5. Create a CloudWatch log group, or choose an existing one.


Note: If you plan to enable multiple logs, we recommend publishing each to its own log group. This separation makes the logs easier to scan.


  6. Choose an access policy that contains the appropriate permissions, or create a policy using the JSON that the console provides.
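The same procedure can be scripted. The block below is an added example, not code from the page or from AWS: it builds one CloudWatch Logs log group per log type (following the note above), writes the CloudWatch Logs resource policy that lets the `es.amazonaws.com` service principal create streams and put events into those groups (the same shape as the JSON the console offers in step 6), and then turns on log publishing with `update_elasticsearch_domain_config`. The plan is built as plain data so it can be inspected before anything is sent; the log-group naming scheme, the policy name and the region/account values are this example's own choices.

```python
"""Enable Amazon ES log publishing to CloudWatch Logs via boto3 (example)."""
import json
import sys

# Log types accepted by LogPublishingOptions for an Elasticsearch domain.
LOG_TYPES = ("INDEX_SLOW_LOGS", "SEARCH_SLOW_LOGS", "ES_APPLICATION_LOGS")


def log_group_name(domain, log_type):
    # Naming convention chosen for this example: one group per log type.
    return f"/aws/aes/domains/{domain}/{log_type.lower()}"


def log_group_arn(region, account, name):
    return f"arn:aws:logs:{region}:{account}:log-group:{name}:*"


def cloudwatch_resource_policy(log_group_arns):
    """Resource policy allowing the Amazon ES service to write to the groups."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "es.amazonaws.com"},
            "Action": ["logs:PutLogEvents", "logs:CreateLogStream"],
            "Resource": list(log_group_arns),
        }],
    }


def log_publishing_options(arns_by_type):
    return {t: {"CloudWatchLogsLogGroupArn": arn, "Enabled": True}
            for t, arn in arns_by_type.items()}


def plan_log_publishing(domain, region, account, log_types=LOG_TYPES):
    """Return the API calls to make, in order, as (client, method, kwargs)."""
    names = {t: log_group_name(domain, t) for t in log_types}
    arns = {t: log_group_arn(region, account, n) for t, n in names.items()}
    plan = [("logs", "create_log_group", {"logGroupName": n}) for n in names.values()]
    plan.append(("logs", "put_resource_policy", {
        "policyName": f"AES-{domain}-log-publishing",  # example's own name
        "policyDocument": json.dumps(cloudwatch_resource_policy(arns.values())),
    }))
    plan.append(("es", "update_elasticsearch_domain_config", {
        "DomainName": domain,
        "LogPublishingOptions": log_publishing_options(arns),
    }))
    return plan


def apply_plan(plan, es_client, logs_client):
    """Execute the plan against real boto3 clients ('es' and 'logs')."""
    clients = {"es": es_client, "logs": logs_client}
    for client_name, method, kwargs in plan:
        client = clients[client_name]
        try:
            getattr(client, method)(**kwargs)
        except getattr(client.exceptions, "ResourceAlreadyExistsException", ()):
            pass  # log group already exists; reuse it


if __name__ == "__main__":
    # usage: python enable_es_logs.py <domain> <region> <account-id> [--apply]
    domain, region, account = sys.argv[1:4]
    plan = plan_log_publishing(domain, region, account)
    for client_name, method, kwargs in plan:
        print(f"{client_name}.{method}({json.dumps(kwargs, indent=2)})")
    if "--apply" in sys.argv:
        import boto3  # only needed when actually applying
        session = boto3.session.Session(region_name=region)
        apply_plan(plan, session.client("es"), session.client("logs"))
```

Without `--apply` the script only prints the calls it would make. Two caveats when applying: CloudWatch Logs allows a limited number of resource policies per region, so one policy covering all of a domain's log groups is preferable to one per group; and slow logs additionally require the index-level `index.search.slowlog` / `index.indexing.slowlog` thresholds to be set through the Elasticsearch API before anything is emitted (see the second reference).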


Reference:

https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain

https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createupdatedomains.html#es-createdomain-configure-slow-logs