EncryptionAtRestOptions - Amazon OpenSearch Service


Specifies whether the domain should encrypt data at rest, and if so, the Key Management Service (KMS) key to use. Can be used only to create a new domain, not update an existing one.



True to enable encryption at rest.

Type: Boolean

Required: No


The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 500.

Pattern: .*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: