Amazon Elasticsearch Service provides option to mandate HTTPS
Amazon Elasticsearch Service now lets you configure your domains to require that all traffic be submitted over HTTPS so that you can ensure that communications between your clients and your domain are encrypted. You can also configure the minimum required TLS version to accept. This option is a useful additional security control to ensure your clients are not misconfigured. For information on enabling this feature, see the documentation.
The require HTTPS configuration is now available for Amazon Elasticsearch Service domains across 21 regions globally: US East (N. Virginia, Ohio), US West (Oregon, N. California), AWS GovCloud (US-Gov-East, US-Gov-West), Canada (Central), South America (Sao Paulo), EU (Ireland, London, Frankfurt, Paris, Stockholm), Asia Pacific (Singapore, Sydney, Tokyo, Seoul, Mumbai, Hong Kong), and China (Beijing – operated by Sinnet, Ningxia – operated by NWCD). Please refer to the AWS Region Table for more information about Amazon Elasticsearch Service availability.