Checks whether connections to OpenSearch domains are using HTTPS. The rule is NON_COMPLIANT if the Amazon OpenSearch domain 'EnforceHTTPS' is not 'true' or is 'true' and 'TLSSecurityPolicy' is not in '`tlsPolicies`'.

This config rule supports the following parameters:

  • tlsPolicies
    • Required: No
    • Type: CSV
    • Description:Comma-separated list of TLS security policies to check against the Amazon OpensSearch domain.

CloudFormation Template