Overview
A Config rule that checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption at rest configuration enabled. The rule is NON_COMPLIANT if the EncryptionAtRestOptions field is not enabled.
Configuration Templates
TerraformItems
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
ConfigRule:
Type: 'AWS::Config::ConfigRule'
Properties:
ConfigRuleName: elasticsearch-encrypted-at-rest
Description: >-
A Config rule that checks whether Amazon Elasticsearch Service (Amazon
ES) domains have encryption at rest configuration enabled. The rule is
NON_COMPLIANT if the EncryptionAtRestOptions field is not enabled.
Scope:
ComplianceResourceTypes: []
Source:
Owner: AWS
SourceIdentifier: ELASTICSEARCH_ENCRYPTED_AT_REST
MaximumExecutionFrequency: TwentyFour_Hours
Parameters: {}
Metadata: {}
Conditions: {}
Actions
Customize Template
Sources and Documentation
Configuration Source: AWS Documentation
Additional Documentation:
- AWS Documentation: Setting up AWS Config Managed Rules
- AWS Documentation: AWS Config Managed Rules Overview
- CloudFormation Reference Guide: Create an AWS Config Rule
- AWS CLI Command Reference Guide: Create an AWS Config Rule