False Positive: AWS Opensearch domain is reported as publicly accessible when Opensearch is within VPC
Steps to Reproduce
An Amazon Opensearch service domain within a VPC.
Running prowler reports that Opensearch domain {domain.name} policy allows access (Principal: '*').
python -m prowler aws -c opensearch_service_domains_not_publicly_accessible
Expected behavior
Prowler should either detect that the service domain is running within a VPC (and therefore is not inherently publicly accessible), or provide a false-positive notice.
Actual Result with Screenshots or Logs
{
...
"severity_id": 5,
"severity": "Critical",
"status": "New",
"status_code": "FAIL",
"status_detail": "Opensearch domain test-es policy allows access (Principal: '*').",
"status_id": 1,
...
}
How did you install Prowler?
From pip package (pip install prowler)
Environment Resource
Workstation
OS used
Kali Linux
Prowler version
4.2.4
Pip version
24.0
Context
You can't apply IP-based access policies to domains that reside within a VPC because security groups already enforce IP-based access policies.
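The expected behavior described in this report, sketched as an added example (not part of the original issue, and not Prowler's code or the fix from the PR mentioned in this thread): a domain with a `VPCId` is not flagged even when its policy has Principal `'*'`. The input is assumed to follow the `DomainStatus` shape of the OpenSearch `DescribeDomain` response; the function names, sample domains, account ID and VPC ID are constructed.

```python
import json

def _is_wildcard(principal):
    """True when a policy Principal matches any caller."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    values = [principal] if isinstance(principal, str) else list(principal or [])
    return "*" in values

def evaluate_domain(domain_status):
    """Return (status_code, status_detail) for one DomainStatus-shaped dict."""
    name = domain_status["DomainName"]
    policy = json.loads(domain_status.get("AccessPolicies") or "{}")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    # Simplification (assumption): any Condition counts as a restriction.
    open_policy = any(
        s.get("Effect") == "Allow"
        and _is_wildcard(s.get("Principal"))
        and not s.get("Condition")
        for s in statements
    )
    in_vpc = bool((domain_status.get("VPCOptions") or {}).get("VPCId"))
    if in_vpc:
        return "PASS", f"Opensearch domain {name} is in a VPC, so it is not publicly accessible."
    if open_policy:
        return "FAIL", f"Opensearch domain {name} policy allows access (Principal: '*')."
    return "PASS", f"Opensearch domain {name} policy does not allow unrestricted access."

def _policy(condition=None):
    """Build a constructed access policy with Principal '*'."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*",
            "Resource": "arn:aws:es:us-east-1:111122223333:domain/example/*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

# Constructed sample domains (not real resources).
SAMPLES = [
    {"DomainName": "test-es", "AccessPolicies": _policy(),
     "VPCOptions": {"VPCId": "vpc-0123456789abcdef0"}},
    {"DomainName": "public-open", "AccessPolicies": _policy()},
    {"DomainName": "public-ip-limited", "AccessPolicies": _policy(
        {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}})},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["DomainName"], *evaluate_domain(sample))
```

A VPC domain that passes this check is still only as restricted as its security groups and network routing, so those need their own review.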
Hey! @huner2 how are you? We are investigating this issue right now. Once a decision is taken we will reach out to you with a solution / update. Thanks for using Prowler! 😄
Hey @pedrooot, is this issue something too big that I could help out with? Or has the Prowler team already got it covered?
Thanks
Hello @abant07, currently @puchy22 is working on this issue.
Thanks for offering a hand on this.
No worries,
Do you guys have any specific issues that I could work on?
Thanks
Hi @huner2,
I have addressed the case you mentioned in this PR. Could you please review the changes and let me know if they meet your requirements or if further modifications are needed?
Thank you for using Prowler! 🚀
Thank you @puchy22, after reviewing the PR I think it looks great. All requirements are met!