3
votes

AWS ElasticSearch supports encryption at rest via the console and API. The boto API seems to have a facility for enabling this and using a custom KMS key. I couldn't find a way to configure this using a CloudFormation template. Is it not supported yet, or am I missing it?

ElasticSearch CloudFormation documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html

https://aws.amazon.com/about-aws/whats-new/2017/12/encryption-at-rest-now-available-on-amazon-elasticsearch-service/

4
They just added it for S3 and DynamoDB so ES might be around the corner. - kichik
I answered this here: stackoverflow.com/questions/58410014/… Templates included. Hope that helps! - DC.Skells

4 Answers

1
votes

I learnt that the feature is not supported yet in CloudFormation templates. The console/APIs support it.

0
votes

Yes. As of today, AWS CloudFormation doesn't support an option to specify "Encryption at rest". Besides, it's available with the AWS CLI and AWS SDKs like Java or boto3.

http://boto3.readthedocs.io/en/latest/reference/services/es.html

https://docs.aws.amazon.com/cli/latest/reference/es/create-elasticsearch-domain.html
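
The boto3 route mentioned above, as an added example that is not part of the original answers: it creates a domain with `EncryptionAtRestOptions` and a custom KMS key, confirms the service reports encryption enabled, and goes a step further by listing existing domains that lack it. The function names, the default version, instance type and volume size are assumptions chosen for illustration; `client` is expected to be `boto3.client("es")`.

```python
def build_domain_request(name, kms_key_id, es_version="6.0",
                         instance_type="m4.large.elasticsearch", volume_gb=10):
    """Build create_elasticsearch_domain kwargs with encryption at rest enabled."""
    major, minor = (int(part) for part in es_version.split(".")[:2])
    if (major, minor) < (5, 1):
        # AWS documents encryption at rest as requiring Elasticsearch 5.1 or later.
        raise ValueError("encryption at rest requires Elasticsearch 5.1 or later")
    if not kms_key_id:
        raise ValueError("pass the id or ARN of the custom KMS key")
    return {
        "DomainName": name,
        "ElasticsearchVersion": es_version,
        "ElasticsearchClusterConfig": {"InstanceType": instance_type,
                                       "InstanceCount": 1},
        "EBSOptions": {"EBSEnabled": True, "VolumeType": "gp2",
                       "VolumeSize": volume_gb},
        "EncryptionAtRestOptions": {"Enabled": True, "KmsKeyId": kms_key_id},
    }


def create_encrypted_domain(client, name, kms_key_id, **options):
    """Create the domain, then confirm the service reports encryption enabled.

    `client` is boto3.client("es") in real use; any object exposing the same
    methods works, which keeps this example runnable offline.
    """
    request = build_domain_request(name, kms_key_id, **options)
    status = client.create_elasticsearch_domain(**request)["DomainStatus"]
    if not status.get("EncryptionAtRestOptions", {}).get("Enabled"):
        raise RuntimeError("domain %s was created without encryption at rest" % name)
    return status


def unencrypted_domains(client):
    """Return names of existing domains that do not have encryption at rest on."""
    names = [d["DomainName"] for d in client.list_domain_names()["DomainNames"]]
    flagged = []
    for i in range(0, len(names), 5):  # the describe call takes up to 5 names
        batch = client.describe_elasticsearch_domains(DomainNames=names[i:i + 5])
        for status in batch["DomainStatusList"]:
            if not status.get("EncryptionAtRestOptions", {}).get("Enabled"):
                flagged.append(status["DomainName"])
    return flagged
```
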

0
votes

Found that we can use Terraform to deploy AWS resources with all the options needed (including encryption at rest). Below is the documentation.

https://www.terraform.io/docs/providers/aws/r/elasticsearch_domain.html

Hope that helps.