Ensure node-to-node encryption is enabled for OpenSearch clusters

Security & Compliance

Node-to-node encryption for OpenSearch clusters ensures that all communication between nodes in the cluster is encrypted, providing an additional layer of security for data in transit. This helps to protect against data interception and unauthorized access.


To ensure node-to-node encryption is enabled for OpenSearch clusters, follow these remediation steps:

  1. Open the Amazon OpenSearch Service console.
  2. Navigate to the cluster for which you want to enable node-to-node encryption.
  3. Click on the "Edit" button.
  4. Scroll down to the "Security" section and click on the "Configure" button next to "Node-to-node encryption".
  5. Select "Require node-to-node encryption" and click on "Save changes".
  6. Wait for the cluster to apply the changes.

Once node-to-node encryption is enabled, all communication between nodes in the OpenSearch cluster will be encrypted, helping to protect your data in transit.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.