opensearch-https-required - AWS Config


Checks whether connections to OpenSearch domains are using HTTPS. The rule is NON_COMPLIANT if the Amazon OpenSearch domain 'EnforceHTTPS' is not 'true' or is 'true' and 'TLSSecurityPolicy' is not in 'tlsPolicies'.


Resource Types: AWS::OpenSearch::Domain

Trigger type: Configuration changes

AWS Region: All supported AWS regions


tlsPolicies (Optional)
Type: CSV

Comma-separated list of TLS security policies to check against the Amazon OpensSearch domain.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.