Amazon OpenSearch Service now supports index-level encryption

Amazon Web Services has introduced index-level encryption for its OpenSearch Service, allowing organizations to encrypt data at rest on a per-index basis using AWS Key Management Service customer managed keys. The new capability enables users to apply different customer managed keys to different indexes within the same domain, providing more granular and tenant-specific encryption policies than the existing domain-level encryption approach. The feature builds upon OpenSearch Service's existing encryption at rest functionality, which previously used a single AWS KMS key to encrypt all data on a domain. With index-level encryption, administrators can now register KMS keys through the Amazon OpenSearch Service API and specify the key ARN in index settings when creating encrypted indexes. This isolation of encrypted data across indexes addresses compliance and security requirements for multi-tenant environments where different data sets require separate encryption controls. Index-level encryption is available at no additional cost for Amazon OpenSearch Service domains running OpenSearch version 3.3 or later, and has been rolled out across 14 AWS regions including major markets in North America, Europe, South America, and Asia Pacific.