You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
AWS OpenSearch Domains support several TLS termination policies. The default supports TLS 1.0, which is deprecated and should be disabled.
Describe the solution you'd like
Check that every OpenSearch Domain is using the strongest TLS termination policy available. At the moment, this is "Policy-Min-TLS-1-2-PFS-2023-10". One can check using the following AWS CLI command:
aws es describe-elasticsearch-domain-config --domain-name <DOMAIN>
Is your feature request related to a problem? Please describe.
AWS OpenSearch Domains support several TLS termination policies. The default supports TLS 1.0, which is deprecated and should be disabled.
Describe the solution you'd like
Check that every OpenSearch Domain is using the strongest TLS termination policy available. At the moment, this is "Policy-Min-TLS-1-2-PFS-2023-10". One can check using the following AWS CLI command:
See https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_DomainEndpointOptions.html for more information on TLS termination policies for AWS OpenSearch.
Describe alternatives you've considered
N/A
Additional context
There are also related settings for CloudSearch and Elastic Search. Those should be checked as well.
The text was updated successfully, but these errors were encountered: