The AWS Elasticsearch Service makes it possible to host sensitive workloads with node-to-node encryption by using Transport Layer Security (TLS) for all communications between instances in a cluster.
Using node-to-node encryption ensures that any data you send to your Amazon Elasticsearch Service domain over HTTPS remains encrypted in flight while it is being distributed and replicated between the nodes.
To enable the feature, you must create another domain and migrate your data.
Using the AWS Console, follow these steps:
- Log in to the AWS Management Console at https://console.aws.amazon.com/.
- Navigate to the Analytics section and select Elasticsearch Service.
- To enable node-to-node encryption when you configure a new cluster, select Node-to-node encryption.
```yaml
Resources:
  ElasticsearchDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      ...
      NodeToNodeEncryptionOptions:
+       Enabled: True
```
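A pre-deployment check for the setting above, as an added example that is not part of the original page: it scans a CloudFormation template in JSON form for `AWS::Elasticsearch::Domain` resources and reports whether `NodeToNodeEncryptionOptions.Enabled` is set. The sample template, its resource names and the pass/fail/review verdict labels are constructed for illustration.

```python
import json

ES_TYPE = "AWS::Elasticsearch::Domain"

# Constructed sample template (JSON form of CloudFormation), not from the page.
SAMPLE_TEMPLATE = """{
  "Parameters": {"N2N": {"Type": "String", "Default": "true"}},
  "Resources": {
    "GoodDomain": {"Type": "AWS::Elasticsearch::Domain",
      "Properties": {"NodeToNodeEncryptionOptions": {"Enabled": true}}},
    "StringDomain": {"Type": "AWS::Elasticsearch::Domain",
      "Properties": {"NodeToNodeEncryptionOptions": {"Enabled": "True"}}},
    "MissingDomain": {"Type": "AWS::Elasticsearch::Domain",
      "Properties": {"DomainName": "logs"}},
    "DisabledDomain": {"Type": "AWS::Elasticsearch::Domain",
      "Properties": {"NodeToNodeEncryptionOptions": {"Enabled": false}}},
    "ParamDomain": {"Type": "AWS::Elasticsearch::Domain",
      "Properties": {"NodeToNodeEncryptionOptions": {"Enabled": {"Ref": "N2N"}}}},
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}"""

def is_intrinsic(value):
    """True for a CloudFormation intrinsic such as {"Ref": ...} or {"Fn::If": ...}."""
    if not isinstance(value, dict) or len(value) != 1:
        return False
    key = next(iter(value))
    return key == "Ref" or key.startswith("Fn::")

def classify(resource):
    """Return 'pass', 'fail' or 'review' for one domain resource."""
    opts = (resource.get("Properties") or {}).get("NodeToNodeEncryptionOptions")
    if is_intrinsic(opts):
        return "review"  # value is only known at deploy time
    if not isinstance(opts, dict) or "Enabled" not in opts:
        return "fail"    # property absent: encryption is not requested
    enabled = opts["Enabled"]
    if is_intrinsic(enabled):
        return "review"
    if isinstance(enabled, str):  # CloudFormation accepts "true"/"false" strings
        return "pass" if enabled.strip().lower() == "true" else "fail"
    return "pass" if enabled is True else "fail"

def audit_template(text):
    """Map each Elasticsearch domain's logical ID to its verdict."""
    resources = json.loads(text).get("Resources") or {}
    return {name: classify(res) for name, res in resources.items()
            if isinstance(res, dict) and res.get("Type") == ES_TYPE}

if __name__ == "__main__":
    for name, verdict in sorted(audit_template(SAMPLE_TEMPLATE).items()):
        print(f"{verdict:6} {name}")
```

A `review` verdict means the value comes from a parameter or condition, so the check has to be repeated against the resolved stack parameters.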