By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

OpenSearch/Elasticsearch Security Controls

A collection of AWS Security controls for Amazon OpenSearch (Formerly Amazon Elasticsearch). Controls include templates to provision Amazon OpenSearch domains, CloudWatch events and alarms for monitoring as well as Config rules. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform

OpenSearch

Configuration template to provision an OpenSearch Domain (formerly Amazon Elasticsearch Domain), with settings such as VPC access, number of master and data nodes, encryption (at-rest and node-to-node), logging settings, and more.

CloudFormationTerraformAWS CLI
Config Rule

A config rule that checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption at rest configuration enabled

CloudFormationTerraformAWS CLI

A config rule that checks whether whether the ElasticSearch Domains are in VPC and not as a public endpoint

CloudFormationTerraformAWS CLI

A Config rule that checks that Amazon ElasticSearch Service nodes are encrypted end to end. The rule is NON_COMPLIANT if the node-to-node encryption is disabled on the domain.

CloudFormationTerraformAWS CLI
OpenSearch
Config Rule