opensearch-audit-logging-enabled - AWS Config

opensearch-audit-logging-enabled

Checks if Amazon OpenSearch Service domains have audit logging enabled. The rule is NON_COMPLIANT if an OpenSearch Service domain does not have audit logging enabled.

Identifier: OPENSEARCH_AUDIT_LOGGING_ENABLED

Resource Types: AWS::OpenSearch::Domain

Trigger type: Configuration changes

AWS Region: All supported AWS regions

Parameters:

cloudWatchLogsLogGroupArnList (Optional)
Type: CSV

Comma-separated list of Amazon Resource Names (ARNs) for Amazon CloudWatch Logs log groups. The rule checks if the specified log groups are configured for audit logs.

Valid values include: arn:aws:logs:region:account-id:log-group:log_group_name:* and arn:aws:logs:region:account-id:log-group:log_group_name.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.