OpenSearch domains should have encryption at rest enabled

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

This check ensures an OpenSearch domain has encryption-at-rest enabled. To enhance security for sensitive information, it’s important to configure your OpenSearch Service domain for encryption at rest. With this setup, AWS Key Management Service (KMS) stores and manages your encryption keys, utilizing the Advanced Encryption Standard 256-bit algorithm (AES-256) for encryption. For additional details, refer to the section on data encryption at rest for Amazon OpenSearch Service in the Amazon OpenSearch Service Developer Guide.

Remediation

For a guide on enabling encryption at rest for both new and existing OpenSearch domains, please refer to the Enabling encryption of data at rest section in the Amazon OpenSearch Service Developer Guide.