opensearch-encrypted-at-rest
Checks if Amazon OpenSearch Service domains have encryption at rest configuration enabled. The rule is NON_COMPLIANT if the EncryptionAtRestOptions
field is not enabled.
Note
The rule does not evaluate Elasticsearch domains.
Identifier: OPENSEARCH_ENCRYPTED_AT_REST
Resource Types: AWS::OpenSearch::Domain
Trigger type: Configuration changes
AWS Region: All supported AWS regions
Parameters:
- None
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.