issues
search
cloudposse
/
terraform-aws-elasticsearch
Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash.
https://cloudposse.com/accelerate
Apache License 2.0
216
stars
231
forks
source link
Update VPC Security Groups to least privileged access
#130
Closed
tuxtek
closed
2 years ago
tuxtek
commented
2 years ago
Improved VPC Network Security
what
Replace the single ingress and egress port ranges with Opensearch/Elasticsearch specific ports.
Additional rules can still be added by users with the 'aws_security_group_rule' resource if needed.
why
There is no requirement for Opensearch to have egress to all ports.
To align with Well Architected standards, both ingress and egress should be set to allow only necessary ports for operation.
references
Improved VPC Network Security
what
why
references