# opensearch-node-to-node-encryption-check
<a name="opensearch-node-to-node-encryption-check"></a>

Check if Amazon OpenSearch Service nodes are encrypted end to end. The rule is NON\$1COMPLIANT if the node-to-node encryption is not enabled on the domain 

**Note**  
The rule does not evaluate Elasticsearch domains.



**Identifier:** OPENSEARCH\$1NODE\$1TO\$1NODE\$1ENCRYPTION\$1CHECK

**Resource Types:** AWS::OpenSearch::Domain

**Trigger type:** Configuration changes

**AWS Region:** All supported AWS regions except Asia Pacific (New Zealand), China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region

**Parameters:**

None  

## AWS CloudFormation template
<a name="w2aac20c16c17b7e1195c21"></a>

To create AWS Config managed rules with AWS CloudFormation templates, see [Creating AWS Config Managed Rules With AWS CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).