ID: terraform-aws/aws-elasticache-no-encryption
Language: Terraform
Severity: Warning
Category: Security
This rule checks that traffic to and from your ElastiCache instances is encrypted in transit. When transit encryption is enabled, all communication between clients and the server, as well as between the replication group nodes, is encrypted, which protects sensitive data from unauthorized access and potential data breaches.
If your ElastiCache data is intercepted in transit and it is not encrypted, the data could be read and used maliciously. This could have serious implications for your business, including loss of customer trust, regulatory penalties, and financial losses.
To adhere to this rule, set the transit_encryption_enabled attribute to true in your aws_elasticache_replication_group resource. This ensures that all data transmitted to and from your ElastiCache instances is encrypted. Enabling encryption is a simple and effective way to enhance the security of your data.
# Non-compliant: transit_encryption_enabled is not set
resource "aws_elasticache_replication_group" "example" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
}

# Non-compliant: transit encryption is explicitly disabled
resource "aws_elasticache_replication_group" "example" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  transit_encryption_enabled    = false
}

# Compliant: transit encryption is enabled
resource "aws_elasticache_replication_group" "example" {
  replication_group_id          = "foo"
  replication_group_description = "bar"
  transit_encryption_enabled    = true
}
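The same check can be run in CI against the JSON form of a plan (the output of terraform show -json). The script below is an added example, not Datadog's rule implementation; the sample plan and its resource names are constructed, and it treats an absent or null attribute as a finding so the "not set" case above is also caught.

```python
import json

RESOURCE_TYPE = "aws_elasticache_replication_group"

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def unencrypted_replication_groups(plan):
    """Return addresses of replication groups without transit encryption.

    Only an explicit true passes: false, null and a missing attribute
    (unset in the configuration) are all reported.
    """
    root = plan.get("planned_values", {}).get("root_module", {})
    return [
        r["address"]
        for r in iter_resources(root)
        if r.get("type") == RESOURCE_TYPE
        and r.get("values", {}).get("transit_encryption_enabled") is not True
    ]

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_elasticache_replication_group.unset",
     "type": "aws_elasticache_replication_group",
     "values": {"replication_group_id": "foo"}},
    {"address": "aws_elasticache_replication_group.disabled",
     "type": "aws_elasticache_replication_group",
     "values": {"replication_group_id": "foo", "transit_encryption_enabled": false}},
    {"address": "aws_elasticache_replication_group.enabled",
     "type": "aws_elasticache_replication_group",
     "values": {"replication_group_id": "foo", "transit_encryption_enabled": true}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}}],
  "child_modules": [{"address": "module.cache", "resources": [
    {"address": "module.cache.aws_elasticache_replication_group.nested",
     "type": "aws_elasticache_replication_group",
     "values": {"transit_encryption_enabled": null}}]}]}}}
""")

if __name__ == "__main__":
    for address in unencrypted_replication_groups(SAMPLE_PLAN):
        print(f"{address}: transit_encryption_enabled is not true")
```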