- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: terraform-aws/aws-msk-broker-no-encryption
Language: Terraform
Severity: Warning
Category: Security
This rule is designed to ensure that all broker communication within your AWS MSK Cluster is encrypted. It is important because unencrypted communication within your broker can expose sensitive data and make your system vulnerable to unauthorized access and data breaches.
In the context of AWS MSK (Managed Streaming for Apache Kafka), the client_broker
argument in the encryption_in_transit
block should be set to “TLS”. This ensures that all data transmitted between the client and the broker is encrypted. By doing so, you are adding an extra layer of security to your data, making it harder for unauthorized users to gain access.
The non-compliant code samples show that the client_broker
argument is either set to “TLS_PLAINTEXT”, which means that the data is not encrypted, or the client_broker
argument is missing entirely. Both of these scenarios do not comply with the rule and can lead to security vulnerabilities.
To comply with this rule, ensure that the client_broker
argument in the encryption_in_transit
block is always set to “TLS”. This ensures that all broker communication is encrypted, thus enhancing the security of your data.
resource "aws_msk_cluster" "my_kafka_cluster" {
encryption_info {
encryption_in_transit {
client_broker = "TLS_PLAINTEXT"
in_cluster = true
}
}
}
resource "aws_msk_cluster" "my_kafka_cluster" {
encryption_info {
encryption_in_transit {
in_cluster = true
}
}
}
resource "aws_msk_cluster" "my_kafka_cluster" {
encryption_info {
encryption_in_transit {
client_broker = "TLS"
in_cluster = true
}
}
}