Ensure encryption is used for Elasticache
ID: terraform-aws/aws-elasticache-no-encryption
Language: Terraform
Severity: Warning
Category: Security
Description
This rule checks that traffic to and from your ElastiCache replication groups is encrypted in transit. With in-transit encryption enabled, communication between clients and the nodes, and replication traffic between the nodes of the group, is carried over TLS rather than in the clear. The attribute defaults to false, so a resource that never sets it is flagged just like one that sets it to false explicitly.
Without in-transit encryption, anyone who can observe the traffic (a compromised host in the VPC, a misconfigured peering or VPN path, a packet capture on a shared network segment) can read the commands and the cached data, which frequently includes session tokens, user records and other sensitive material. That exposure can translate into loss of customer trust, regulatory penalties and direct financial loss.
To comply with this rule, set transit_encryption_enabled = true on every aws_elasticache_replication_group resource. Two caveats a practitioner should keep in mind: clients must then connect with TLS (plaintext connections are refused), and changing this attribute on an existing replication group can force the group to be replaced, depending on the engine version and provider version in use, so plan the change rather than applying it blindly to a live cluster. This rule covers encryption in transit only; encryption at rest is a separate attribute (at_rest_encryption_enabled) and should be enabled alongside it.
Non-Compliant Code Examples
resource "aws_elasticache_replication_group" "example" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  # transit_encryption_enabled is not set, so it takes its default of false
}
resource "aws_elasticache_replication_group" "example" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  transit_encryption_enabled    = false # explicitly disabled
}
Compliant Code Examples
resource "aws_elasticache_replication_group" "example" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  transit_encryption_enabled    = true # clients must connect over TLS
}
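The following is an added example, not part of this rule page and not the analyzer's own implementation: a small standalone Python script that applies the same check (attribute missing, or present but false, on an aws_elasticache_replication_group block) to HCL text. The sample input is constructed and embeds the three examples above plus a fourth block where the attribute only appears in a comment, to show that a commented-out setting does not count. The brace-matching and comment stripping are deliberately simple and assume ordinary formatting (no braces inside string literals).

```python
"""Minimal offline checker for the aws-elasticache-no-encryption rule."""
import re

# Constructed sample input: the page's three examples plus a commented-out case.
SAMPLE_HCL = '''
resource "aws_elasticache_replication_group" "missing" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
}

resource "aws_elasticache_replication_group" "disabled" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  transit_encryption_enabled    = false
}

resource "aws_elasticache_replication_group" "enabled" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  transit_encryption_enabled    = true
}

resource "aws_elasticache_replication_group" "commented" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  # transit_encryption_enabled = true   (commented out, so not in effect)
  log_delivery_configuration {
    destination_type = "cloudwatch-logs"
  }
}
'''

RESOURCE_HEADER = re.compile(
    r'resource\s+"aws_elasticache_replication_group"\s+"(?P<name>[^"]+)"\s*\{'
)
TRANSIT_ATTR = re.compile(
    r'^\s*transit_encryption_enabled\s*=\s*(?P<value>true|false)\s*$', re.M
)


def strip_comments(hcl: str) -> str:
    """Blank out HCL comments (#, //, /* */) while preserving line numbers."""
    hcl = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group(0).count('\n'), hcl, flags=re.S)
    return re.sub(r'(#|//)[^\n]*', '', hcl)


def resource_blocks(hcl: str):
    """Yield (name, line_number, body) for each replication group resource.

    body is the text between the block's outer braces; nested blocks such as
    log_delivery_configuration are kept inside it via simple brace counting.
    """
    for m in RESOURCE_HEADER.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {'{': 1, '}': -1}.get(hcl[i], 0)
            i += 1
        line = hcl.count('\n', 0, m.start()) + 1
        yield m.group('name'), line, hcl[m.end():i - 1]


def check(hcl: str):
    """Return one (resource name, line, reason) tuple per non-compliant block."""
    findings = []
    for name, line, body in resource_blocks(strip_comments(hcl)):
        values = [v.group('value') for v in TRANSIT_ATTR.finditer(body)]
        if not values:
            # The provider default is false, so an absent attribute is a finding.
            findings.append((name, line, 'transit_encryption_enabled not set (defaults to false)'))
        elif values[-1] != 'true':
            findings.append((name, line, 'transit_encryption_enabled = false'))
    return findings


if __name__ == '__main__':
    for name, line, reason in check(SAMPLE_HCL):
        print(f'line {line}: aws_elasticache_replication_group.{name}: {reason}')
```

Run against the embedded sample, the script reports the "missing", "disabled" and "commented" blocks and stays silent on "enabled"; point it at a real .tf file by passing the file contents to check().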