Amazon Elasticsearch Service now lets you configure your domains to require that all traffic be submitted over HTTPS so that you can ensure that communications between your clients and your domain are encrypted. You can also configure the minimum required TLS version to accept, with TLS 1.0 as the default. This option is a useful additional security control to ensure your clients are not misconfigured. For information on enabling this feature, see the documentation.
from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/10/amazon-elasticsearch-service-provides-option-to-mandate-https/