Is your feature request related to a problem? Please describe.

AWS OpenSearch Domains support several TLS termination policies. The default supports TLS 1.0, which is deprecated and should be disabled.

Describe the solution you'd like

Check that every OpenSearch Domain is using the strongest TLS termination policy available. At the moment, this is "Policy-Min-TLS-1-2-PFS-2023-10". One can check using the following AWS CLI command:

aws es describe-elasticsearch-domain-config --domain-name <DOMAIN>

See https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_DomainEndpointOptions.html for more information on TLS termination policies for AWS OpenSearch.

Describe alternatives you've considered

N/A

Additional context

There are also related settings for CloudSearch and Elastic Search. Those should be checked as well.