ECS task definitions must enable in transit encryption for EFS

ecs
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Amazon ECS task definitions that mount Amazon Elastic File System (EFS) volumes must enable in transit encryption to ensure data is encrypted between the ECS host and the EFS server. In transit encryption provides an additional layer of security by preventing unauthorized access to data as it moves across the network.

When in transit encryption is disabled (the default), data is transmitted in plaintext, making it vulnerable to interception and unauthorized access. This is particularly important when handling sensitive or regulated data.

Remediation

Enable in transit encryption for all EFS volumes in your ECS task definitions by setting the transitEncryption parameter to "ENABLED" in the efsVolumeConfiguration. Refer to the Amazon EFS encryption in transit documentation for configuration details.