Elasticsearch domain should enable encryption
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Description
Implement encryption at rest for your Amazon Elasticsearch (ES) domain with the AWS KMS service.
Rationale
Implementing encryption at rest protects your domain from unauthorized access and ensures security and compliance requirements are met.
From the console
Follow the Enabling Encryption of Data at Rest docs to learn how to implement encryption for your domain.
From the command line
Run describe-elasticsearch-domain
with your ES domain to return configuration metadata.
aws es describe-elasticsearch-domain
--domain-name your-es-domain
Run create-elasticsearch-domain
with your domain name and encryption-at-rest-options
. Use the metadata returned in the previous step to create and relaunch your ES domain to enable at-rest encryption.
aws es create-elasticsearch-domain
--domain-name your-es-domain
...
--encryption-at-rest-options Enabled=true,KmsKeyId="abcdabcd-aaaa-bbbb-cccc-abcdabcdabcd"