lacework-global-161
OpenSearch Domain should have Encryption with KMS (Customer Managed Keys)
Description
OpenSearch Domain can contain important data that should not be accessible to unauthorized users. Encrypting the data with Customer Managed Keys can provide an extra level of security to the data in OpenSearch domain.
Remediation
Log in to the AWS Management Console.
Click Services.
Select OpenSearch.
Select the OpenSearch domain that is shown as violated.
Copy all the configurations from the violated domain.
Create a new domain with same configuration with Encryption at Rest field enabled and use Key which is Customer Managed and not AWS Managed.
Move data from violated OpenSearch domain to newly created domain.
Delete the violated OpenSearch domain.