Ensure Elasticsearch is enforcing encryption at rest
When running AWS ES clusters, all data should be encrypted at rest. For an added layer of security a Customer Managed Key (CMK) should be leveraged vs the default key provided by AWS. For this reason it is considered a security best practice to enforce encryption at rest with a customer managed key. Ensuring this will help you with NIST, HIPPA and GDPR compliance.