OpenSearch domains should encrypt data sent between nodes

opensearch
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This check determines if node-to-node encryption is activated for OpenSearch domains. Using HTTPS (TLS) can help prevent potential attackers from intercepting or altering network traffic through man-in-the-middle or similar attacks. Only secure connections via HTTPS (TLS) should be permitted. Activating node-to-node encryption for OpenSearch domains ensures that intra-cluster communications are securely encrypted while in transit.

Enabling this feature may come with a performance impact. It’s critical to understand and evaluate the performance implications before enabling this option.

Remediation

To activate node-to-node encryption for an OpenSearch domain, refer to Enabling node-to-node encryption in the Amazon OpenSearch Service Developer Guide.