Amazon OpenSearch Service now supports index-level encryption

Amazon OpenSearch Service now supports index-level encryption, enabling you to encrypt data at rest on a per-index basis using AWS Key Management Service (KMS) customer managed keys. You can use different customer managed keys for different indexes on the same domain, enabling more granular, tenant-specific encryption policies.

Index-level encryption builds on the existing [encryption at rest](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html) capability in Amazon OpenSearch Service. While domain-level encryption uses a single AWS KMS key to encrypt all data on a domain, index-level encryption lets you specify a customer managed key for each index, isolating encrypted data across indexes.

To get started, register your KMS key using the Amazon OpenSearch Service API, then specify the key ARN in the index settings when creating an encrypted index.

Index-level encryption is available at no additional cost for Amazon OpenSearch Service domains running OpenSearch version 3.3 or later. This feature is available in 14 AWS Regions: US West (Oregon), US East (Ohio), US East (N. Virginia), South America (São Paulo), Europe (Paris), Europe (London), Europe (Ireland), Europe (Frankfurt), Canada (Central), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Seoul), and Asia Pacific (Mumbai).

To learn more, see [Index-level encryption](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/index-level-encryption.html) in the Amazon OpenSearch Service Developer Guide.
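A pre-flight check for a per-tenant key plan, added here as an illustration and not taken from AWS documentation: it validates the version and Region constraints stated above and flags any key that two tenants would share, which would defeat the isolation the feature is meant to provide. The `preflight` function, the plan layout, the `OpenSearch_X.Y` engine-version string, the Region codes for the named Regions, and the same-Region key check are assumptions of this example; it deliberately makes no API calls, since the announcement does not name the registration API or the index setting.

```python
import re

# Region codes for the 14 Regions named in the announcement.
SUPPORTED_REGIONS = {
    "us-west-2", "us-east-2", "us-east-1", "sa-east-1", "eu-west-3",
    "eu-west-2", "eu-west-1", "eu-central-1", "ca-central-1", "ap-northeast-1",
    "ap-southeast-2", "ap-southeast-1", "ap-northeast-2", "ap-south-1",
}
MIN_VERSION = (3, 3)  # "OpenSearch version 3.3 or later"
KEY_ARN = re.compile(r"arn:aws:kms:([a-z0-9-]+):\d{12}:key/[0-9A-Za-z-]+")

def preflight(domain_region, engine_version, plan):
    """plan maps index name -> (tenant, KMS key ARN). Returns a list of findings."""
    findings = []
    if domain_region not in SUPPORTED_REGIONS:
        findings.append(f"domain: {domain_region} is not in the announced Region list")
    v = re.fullmatch(r"OpenSearch_(\d+)\.(\d+)", engine_version)
    if not v or (int(v[1]), int(v[2])) < MIN_VERSION:
        findings.append(f"domain: {engine_version} is not OpenSearch 3.3 or later")
    key_owner = {}  # key ARN -> first tenant seen using it
    for index, (tenant, arn) in sorted(plan.items()):
        k = KEY_ARN.fullmatch(arn)
        if not k:
            findings.append(f"{index}: not a KMS key ARN")
            continue
        # Assumption (not stated on the page): the key lives in the domain's Region.
        if k[1] != domain_region:
            findings.append(f"{index}: key is in {k[1]}, domain is in {domain_region}")
        owner = key_owner.setdefault(arn, tenant)
        if owner != tenant:
            findings.append(f"{index}: key shared by tenants {owner} and {tenant}")
    return findings

# Constructed sample plan; account ID and key IDs are placeholders.
KEY_A = "arn:aws:kms:eu-west-1:111122223333:key/aaaaaaaa-0000-0000-0000-000000000001"
KEY_C = "arn:aws:kms:us-east-1:111122223333:key/cccccccc-0000-0000-0000-000000000003"
PLAN = {
    "tenant-a-logs": ("tenant-a", KEY_A),
    "tenant-a-metrics": ("tenant-a", KEY_A),   # same tenant reusing its key: fine
    "tenant-b-logs": ("tenant-b", KEY_A),      # another tenant on tenant-a's key
    "tenant-c-logs": ("tenant-c", KEY_C),      # key in a different Region
    "tenant-d-logs": ("tenant-d", "alias/tenant-d"),  # alias name, not a key ARN
}

if __name__ == "__main__":
    for finding in preflight("eu-west-1", "OpenSearch_3.3", PLAN):
        print(finding)
```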