Ensure encryption is used for ElastiCache


Metadata

ID: terraform-aws/aws-elasticache-no-encryption

Language: Terraform

Severity: Warning

Category: Security

Description

This rule ensures that traffic to and from your ElastiCache instances is encrypted in transit, providing an additional layer of security for your data. Encryption is critical in protecting sensitive data from unauthorized access and potential data breaches. When transit encryption is enabled, all communication between clients and the server, as well as between the replication group nodes, is encrypted.

The rule matters because it protects sensitive data from exposure during transmission. If unencrypted ElastiCache traffic is intercepted in transit, the data can be read and used maliciously. This could have serious implications for your business, including loss of customer trust, regulatory penalties, and financial losses.

To adhere to this rule, set the transit_encryption_enabled attribute to true in your aws_elasticache_replication_group resource. This ensures that all data transmitted to and from your ElastiCache instances is encrypted. Security should be a primary concern in your code and infrastructure, and enabling encryption is a simple and effective way to enhance the security of your data.

Non-Compliant Code Examples

resource "aws_elasticache_replication_group" "example" {
    replication_group_id = "foo"
    replication_group_description = "bar"
}

resource "aws_elasticache_replication_group" "example" {
    replication_group_id = "foo"
    replication_group_description = "bar"
    transit_encryption_enabled = false
}

Compliant Code Examples

resource "aws_elasticache_replication_group" "example" {
    replication_group_id = "foo"
    replication_group_description = "bar"
    transit_encryption_enabled = true
}