Control: OpenSearch domains internal user database should be disabled
Description
Ensure that AWS OpenSearch domain has internal user database disabled. This control is non-compliant if the OpenSearch domain internal user database is enabled.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.opensearch_domain_internal_user_database_disabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.opensearch_domain_internal_user_database_disabled --shareSQL
This control uses a named query:
select arn as resource, case when advanced_security_options ->> 'InternalUserDatabaseEnabled' = 'true' then 'alarm' else 'ok' end status, case when advanced_security_options ->> 'InternalUserDatabaseEnabled' = 'true' then title || ' internal user database enabled.' else title || ' internal user database disabled.' end reason , region, account_idfrom aws_opensearch_domain;