Ensure KMS customer managed keys are used for encryption for AWS ElasticSearch Domains

MEDIUM

Description

OpenSearch (formerly named Elasticsearch) can encrypt data at rest using customer managed keys stored in AWS KMS. Encrypting data at rest is considered best practice and can help protect sensitive data. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Elasticsearch (ES) dashboard.
  2. Click on the ES domain.
  3. Open the domain configuration page.
  4. Check that Encryption at rest is enabled and that a KMS master key is set.

In Terraform -

  1. In the aws_elasticsearch_domain resource, set the encrypt_at_rest.enabled field to true.
  2. Set the encrypt_at_rest.kms_key_id to a valid KMS key ARN.
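The Terraform steps above, shown as an added example that is not part of this policy page: a customer managed KMS key and an aws_elasticsearch_domain that references it. The resource names ("search_cmk", "logs"), the domain name and the instance sizing are assumptions.

```hcl
# Added example, not from the original page. Names and sizes are assumptions.
resource "aws_kms_key" "search_cmk" {
  description             = "Customer managed key for Elasticsearch encryption at rest"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_elasticsearch_domain" "logs" {
  domain_name           = "app-search"
  elasticsearch_version = "7.10"

  cluster_config {
    # Encryption at rest is not supported on t2 instance types; use a supported family.
    instance_type  = "m5.large.elasticsearch"
    instance_count = 2
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 20
  }

  # Fails this rule:
  #   encrypt_at_rest { enabled = false }
  #   encrypt_at_rest { enabled = true }   # no kms_key_id -> AWS managed aws/es key
  #
  # Passes this rule: enabled = true AND a customer managed key ARN.
  encrypt_at_rest {
    enabled    = true
    kms_key_id = aws_kms_key.search_cmk.arn
  }
}
```

Note that encrypt_at_rest cannot be enabled on an existing unencrypted domain in place; changing it forces Terraform to replace the domain, so plan a data migration for existing clusters.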

References:
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/encryption-at-rest.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#encrypt_at_rest

Policy Details

Rule Reference ID: AC_AWS_0111
CSP: AWS
Remediation Available: Yes
Resource Category: Analytics
Resource Type: ElasticSearch Service

Frameworks