Skip to main content


OpenSearch Domain should have Encryption At Rest enabled


OpenSearch Domain can contain important data that should not be accessible to unauthorized users. Encrypting the data can provide an extra level of security to the data in OpenSearch domain.


  1. Log in to the AWS Management Console.
  2. Click Services.
  3. Select OpenSearch.
  4. Select the violating OpenSearch domain.
  5. Select the Security configuration tab.
  6. Click Edit.
  7. Under Encryption, select Enable encryption of data at rest.
  8. Choose an AWS Key Management Service (KMS) key.
  9. Click Save changes.