Instance with unencrypted Elasticsearch (TCP:9200) is potentially exposed to the public internet
Risk Level: High
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.AWS.NET.AG2.1.Instance.9200.TCP
Covered by Spectral: No
Category: Compute
GSL LOGIC
Instance where isPublic=true and nics contain [ subnet.routeTable.associations length()>0 ] and nics contain [ subnet.routeTable.routes contain [ destinationCidrBlock='0.0.0.0/0' and gatewayId regexMatch /gw/ ] ] should not have inboundRules contain [ port<=9200 and portTo>=9200 and protocol in ('TCP', 'ALL') and scope isPublic() and scope numberOfHosts()>=32 ]
REMEDIATION
It is recommended to remove the security group rules that allow permissive public access to TCP port 9200 (Elasticsearch).
If a public interface exists, remove it and limit the access scope within the VPC to only those applications or instances that require access.
Amazon Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html
As a further protection, use CloudGuard Dynamic Access Leasing to limit access to SSH/Remote Desktop only from allowed sources and only when needed.
For more information please refer to: https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Network-Security/DynAccessLease.html?tocpath=Network%20Security%7C_____3
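The GSL logic above can be read as an ordinary predicate over the instance, its subnets' route tables and its security groups. The following is an added example, not CloudGuard's or AWS's code, that re-implements that predicate offline and renders the revoke command the remediation calls for. Field names (isPublic, nics, subnetId, securityGroupIds, inboundRules with port/portTo/protocol/scope) follow the GSL attribute names rather than the raw EC2 API, the set of ranges excluded by isPublic() is an assumption, and all IDs and CIDRs in the sample inventory are constructed.

```python
"""Offline evaluation of the CloudGuard rule D9.AWS.NET.AG2.1.Instance.9200.TCP.
Added example: mirrors the GSL predicate over constructed sample objects."""
import ipaddress
import json
import re

PORT = 9200  # Elasticsearch REST port the rule is about

# Ranges treated as non-public by scope_is_public(): RFC 1918, CGNAT, link-local,
# loopback and IPv6 ULA/link-local (assumption about what isPublic() excludes).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "169.254.0.0/16", "127.0.0.0/8", "fc00::/7", "fe80::/10")]


def scope_is_public(cidr):
    """scope isPublic(): the CIDR is not wholly contained in a non-public range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in NON_PUBLIC)


def number_of_hosts(cidr):
    """scope numberOfHosts(): address count of the CIDR (a /27 is 32, a /32 is 1)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def rule_exposes_port(rule, port=PORT):
    """One inbound rule: range covers the port, protocol is TCP or ALL (-1 in the
    EC2 API) and the source is a public CIDR of at least 32 addresses."""
    proto = "ALL" if rule["protocol"] == "-1" else rule["protocol"].upper()
    return (rule["port"] <= port <= rule["portTo"] and proto in ("TCP", "ALL")
            and scope_is_public(rule["scope"]) and number_of_hosts(rule["scope"]) >= 32)


def nic_has_associated_route_table(nic, route_tables):
    rt = route_tables.get(nic["subnetId"])
    return rt is not None and len(rt["associations"]) > 0


def nic_has_internet_route(nic, route_tables):
    """A 0.0.0.0/0 route whose gatewayId matches /gw/ (igw-*, but also vgw-*/eigw-*).
    NAT gateways live under natGatewayId, so they do not match, as in the GSL."""
    rt = route_tables.get(nic["subnetId"])
    if rt is None:
        return False
    return any(r.get("destinationCidrBlock") == "0.0.0.0/0"
               and re.search(r"gw", r.get("gatewayId") or "") for r in rt["routes"])


def instance_findings(instance, route_tables, security_groups, port=PORT):
    """Full GSL predicate. Returns the (sgId, rule) pairs that violate it; [] if compliant."""
    if not instance["isPublic"]:
        return []
    nics = instance["nics"]
    # The GSL has two independent `nics contain [...]` clauses; they are evaluated
    # independently here too, so different NICs may satisfy them.
    if not any(nic_has_associated_route_table(n, route_tables) for n in nics):
        return []
    if not any(nic_has_internet_route(n, route_tables) for n in nics):
        return []
    return [(sg["id"], r) for sg in security_groups if sg["id"] in instance["securityGroupIds"]
            for r in sg["inboundRules"] if rule_exposes_port(r, port)]


def revoke_command(sg_id, rule):
    """AWS CLI call that removes one offending rule (IPv4 scopes only)."""
    proto = "-1" if rule["protocol"] in ("-1", "ALL", "all") else rule["protocol"].lower()
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": rule["scope"]}]}
    if proto != "-1":
        perm["FromPort"], perm["ToPort"] = rule["port"], rule["portTo"]
    return (f"aws ec2 revoke-security-group-ingress --group-id {sg_id} "
            f"--ip-permissions '{json.dumps([perm])}'")


# Constructed sample inventory (fictitious IDs), shaped loosely like EC2 API output.
ROUTE_TABLES = {
    "subnet-public": {"associations": ["rtbassoc-1"], "routes": [
        {"destinationCidrBlock": "10.0.0.0/16", "gatewayId": "local"},
        {"destinationCidrBlock": "0.0.0.0/0", "gatewayId": "igw-0example"}]},
    "subnet-private": {"associations": ["rtbassoc-2"], "routes": [
        {"destinationCidrBlock": "10.0.0.0/16", "gatewayId": "local"},
        {"destinationCidrBlock": "0.0.0.0/0", "natGatewayId": "nat-0example"}]},
}
SECURITY_GROUPS = [
    {"id": "sg-es-open", "inboundRules": [
        {"port": 9000, "portTo": 9300, "protocol": "TCP", "scope": "0.0.0.0/0"}]},
    {"id": "sg-es-scoped", "inboundRules": [  # /28 is 16 hosts, below the threshold
        {"port": 9200, "portTo": 9200, "protocol": "TCP", "scope": "203.0.113.0/28"},
        {"port": 9200, "portTo": 9200, "protocol": "TCP", "scope": "10.0.0.0/8"}]},
    {"id": "sg-any", "inboundRules": [
        {"port": 0, "portTo": 65535, "protocol": "-1", "scope": "0.0.0.0/0"}]},
]
INSTANCES = [
    {"id": "i-open", "isPublic": True, "nics": [{"subnetId": "subnet-public"}], "securityGroupIds": ["sg-es-open"]},
    {"id": "i-scoped", "isPublic": True, "nics": [{"subnetId": "subnet-public"}], "securityGroupIds": ["sg-es-scoped"]},
    {"id": "i-nat-only", "isPublic": True, "nics": [{"subnetId": "subnet-private"}], "securityGroupIds": ["sg-any"]},
    {"id": "i-any", "isPublic": True, "nics": [{"subnetId": "subnet-public"}], "securityGroupIds": ["sg-any"]},
]


def findings(instances=INSTANCES, route_tables=ROUTE_TABLES, security_groups=SECURITY_GROUPS):
    return {i["id"]: instance_findings(i, route_tables, security_groups) for i in instances}


if __name__ == "__main__":
    for iid, hits in findings().items():
        for sg_id, rule in hits:
            print(f"{iid}: {sg_id} exposes TCP/{PORT} to {rule['scope']}\n  {revoke_command(sg_id, rule)}")
```

Two things the sample makes visible: an instance whose only default route goes through a NAT gateway (i-nat-only) is not flagged even with a wide-open group, because the GSL only counts routes whose gatewayId matches /gw/; and a public /28 source is not flagged because numberOfHosts() is below 32, so a review of security groups by hand should still look at those narrower rules.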
Amazon EC2 Instance
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Compliance Frameworks
- BP-0318
- CCMV301
- ERM
- GDPR
- ISO27001
- LGPD
- MAS-TRM
- NETWSEC-V2
- NIST-CSF
- NIST800534
- PCIDSS32
- SERM
- SOC2
Updated 7 months ago