Amazon Elasticsearch Service now supports node-to-node encryption, enabling organizations to host sensitive workloads with stringent security and compliance requirements. The node-to-node encryption capability provides an additional layer of security by implementing Transport Layer Security (TLS) for all communications between Elasticsearch instances in a cluster. It ensures that any data you send to your Amazon Elasticsearch Service domain over HTTPS remains encrypted in flight while it is being distributed and replicated between the nodes. Node-to-node encryption complements existing features provided by the service, such as HTTPS client-to-cluster encryption, at-rest encryption, and Virtual Private Cloud (VPC)-based network-level security and isolation for node-to-node communication. All certificates are deployed and rotated automatically by the service throughout the life of the domain, without any additional operational overhead.