
aws-resource-outside-vpc

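Ensure that the resource is configured inside a VPC. A domain created without VPC options is given a public endpoint, so access to it then depends entirely on the domain's access policy and authentication settings.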

This rule currently applies to the following list of resources:

  • AWS Elasticsearch Domain

Examples

Insecure Example (Terraform, followed by the equivalent CloudFormation fragment)

# Insecure: no vpc_options block is declared, so the domain is created with a
# public endpoint instead of one inside a VPC. This is the condition the
# aws-resource-outside-vpc rule reports. No access_policies argument is set in
# this example either, so nothing shown here narrows who may call the endpoint.
resource "aws_elasticsearch_domain" "es" {
  domain_name           = var.domain
  elasticsearch_version = "6.3"

  cluster_config {
    instance_type = "m4.large.elasticsearch"
  }

  # "true" is the service default. AWS advises setting this to "false" when
  # access policies are scoped to individual indices, because otherwise a
  # request body can name an index that the URL-based policy does not cover.
  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }
}
"ElasticsearchDomain":{
   "Type":"AWS::Elasticsearch::Domain",
   "Properties":{
      "DomainName":"test",
      "ElasticsearchVersion": "6.3"
      "ElasticsearchClusterConfig":{
         "InstanceType":"m4.large.elasticsearch",
      },
      "AdvancedOptions":{
         "rest.action.multi.allow_explicit_index":"true"
      }
   }
}

Secure Example (Terraform, followed by the equivalent CloudFormation fragment)

# Secure with respect to this rule: vpc_options places the domain endpoint in
# subnets of a VPC, so it is no longer a public endpoint. VPC placement is
# network isolation only; the access policy, encryption at rest, node-to-node
# encryption and HTTPS enforcement are separate settings that this example
# does not configure.
resource "aws_elasticsearch_domain" "es" {
  domain_name           = var.domain
  elasticsearch_version = "6.3"

  cluster_config {
    instance_type = "m4.large.elasticsearch"
  }

  vpc_options {
    # NOTE(review): listing two subnets normally goes together with zone
    # awareness being enabled in cluster_config — confirm before applying.
    # NOTE(review): the aws_subnet_ids data source is deprecated in newer AWS
    # provider releases in favour of aws_subnets — check the provider version.
    subnet_ids = [
      data.aws_subnet_ids.selected.ids[0],
      data.aws_subnet_ids.selected.ids[1],
    ]

    # This security group decides which sources inside the VPC can reach the
    # domain; its definition is not shown here, so review its ingress rules
    # and keep them limited to the clients that need HTTPS access.
    security_group_ids = [aws_security_group.es.id]
  }

  # "true" is the service default. AWS advises setting this to "false" when
  # access policies are scoped to individual indices, because otherwise a
  # request body can name an index that the URL-based policy does not cover.
  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }
}
"ElasticsearchDomain":{
   "Type":"AWS::Elasticsearch::Domain",
   "Properties":{
      "DomainName":"test",
      "ElasticsearchVersion": "6.3"
      "ElasticsearchClusterConfig":{
         "InstanceType":"m4.large.elasticsearch",
      },

      "VPCOptions" : {
        "SubnetIds" : [
          "SubnetId0",
          "SubnetId1",
        ],
        "SecurityGroupIds" : [
          "SecurityGroupId0",
          "SecurityGroupId1",
        ]
      },
      "AdvancedOptions":{
         "rest.action.multi.allow_explicit_index":"true"
      }
   }
}

More information