Updated on 2025-01-22 GMT+08:00

CSS Clusters Are Not Publicly Accessible

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

css-cluster-no-public-zone

Identifier

css-cluster-no-public-zone

Description

If a CSS cluster has public access enabled, this cluster is noncompliant.

Tag

css

Trigger Type

Configuration change

Filter Type

css.clusters

Configure Rule Parameters

None

Applicable Scenario

You can disable public access for noncompliant CSS clusters especially when there is sensitive data in those clusters. For details, see Configuring Public Network Access for an Elasticsearch Cluster.

Solution

You can call the Disabling Public Network Access API to disable public access for CSS clusters.

Rule Logic

  • If a CSS cluster has public access enabled, this cluster is noncompliant.
  • If a CSS cluster does not have public access enabled, this cluster is compliant.