AWS OpenSearch Domain Encryption-At-Rest Is Not Enabled

Overview

OpenSearch Service domains provide data-at-rest encryption, using AWS Key Management Service (AWS KMS) to manage encryption keys and the AES-256 algorithm for encryption. When enabled, it encrypts all indexes (including those in UltraWarm storage), OpenSearch logs, swap files, other data in the application directory, and automated snapshots. This provides strong protection against unauthorized access. If it is not enabled, the risk of unauthorized access to your data could increase.
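
An added example, not part of the original page or of any AWS tooling: a check for this rule over records shaped like the `DomainStatusList` of a DescribeDomains response, reading the `EncryptionAtRestOptions` structure documented in the API reference listed under References. The domain names, account ID and key ARN in the sample are constructed, and the field names of the returned findings are assumptions.

```python
"""Flag OpenSearch domains whose EncryptionAtRestOptions.Enabled is not true."""

# Constructed sample shaped like the DomainStatusList of a DescribeDomains
# response; the account id, domain names and KMS key ARN are made up.
ARN_PREFIX = "arn:aws:es:us-east-1:111122223333:domain/"
SAMPLE_DOMAIN_STATUS_LIST = [
    {"DomainName": "logs-prod", "ARN": ARN_PREFIX + "logs-prod",
     "EncryptionAtRestOptions": {
         "Enabled": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}},
    {"DomainName": "search-dev", "ARN": ARN_PREFIX + "search-dev",
     "EncryptionAtRestOptions": {"Enabled": False}},
    # Options block absent from the record: treated as not encrypted.
    {"DomainName": "legacy-metrics", "ARN": ARN_PREFIX + "legacy-metrics"},
    # Deleted domain: skipped, there is nothing left to remediate.
    {"DomainName": "old-test", "ARN": ARN_PREFIX + "old-test", "Deleted": True,
     "EncryptionAtRestOptions": {"Enabled": False}},
]


def find_unencrypted_domains(domain_status_list):
    """Return one finding per live domain without encryption at rest."""
    findings = []
    for status in domain_status_list:
        if status.get("Deleted"):
            continue
        options = status.get("EncryptionAtRestOptions") or {}
        # Only an explicit boolean True passes; absent, null or "true" fail,
        # so a malformed record is reported rather than silently accepted.
        if options.get("Enabled") is True:
            continue
        findings.append({
            "rule": "Opensearch.1",                  # rule id from this page
            "item_type": "AWS::OpenSearch::Domain",  # item type from this page
            "resource": status.get("ARN", status.get("DomainName")),
            "reason": "EncryptionAtRestOptions.Enabled is not true",
        })
    return findings


if __name__ == "__main__":
    for finding in find_unencrypted_domains(SAMPLE_DOMAIN_STATUS_LIST):
        print(finding["rule"], finding["resource"], finding["reason"])
```
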

Vendor

AWS

Cloud Service

OpenSearch

Opensearch.1

References

https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_EncryptionAtRestOptions.html

https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html

Severity

3

Item Types

AWS::OpenSearch::Domain