Ensure encryption is used for Elasticache

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: terraform-aws/aws-elasticache-no-encryption

Language: Terraform

Severity: Warning

Category: Security

Description

This rule is designed to ensure that traffic to and from your Elasticache instances is encrypted in transit, providing an additional layer of security to your data. Encryption is critical in protecting sensitive data from unauthorized access and potential data breaches. When transit encryption is enabled, all communication between clients and the server, as well as between the replication group nodes, is encrypted.

The importance of this rule lies in its ability to protect your sensitive data from being exposed during transmission. If your Elasticache data is intercepted while in transit and it’s not encrypted, the data could be read and used maliciously. This could have serious implications for your business, including loss of customer trust, regulatory penalties, and financial losses.

To adhere to this rule, make sure to set the transit_encryption_enabled attribute to true in your aws_elasticache_replication_group resource. This ensures that all data transmitted to and from your Elasticache instances is encrypted. Remember, security should be a primary concern in your code and infrastructure, and enabling encryption is a simple and effective way to enhance the security of your data.

Non-Compliant Code Examples

resource "aws_elasticache_replication_group" "example" {
    replication_group_id = "foo"
    replication_group_description = "bar"
}
resource "aws_elasticache_replication_group" "example" {
    replication_group_id = "foo"
    replication_group_description = "bar"
    transit_encryption_enabled = false
}

Compliant Code Examples

resource "aws_elasticache_replication_group" "example" {
    replication_group_id = "foo"
    replication_group_description = "bar"
    transit_encryption_enabled = true
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis