ECS task definitions must enable in-transit encryption for EFS

Description

Amazon ECS task definitions that mount Amazon Elastic File System (EFS) volumes must enable in-transit encryption so that data is encrypted between the ECS host and the EFS server. In-transit encryption provides an additional layer of security by preventing unauthorized access to data as it moves across the network.

When in-transit encryption is disabled (the default), data is transmitted in plaintext, making it vulnerable to interception and unauthorized access. Enabling it is particularly important when handling sensitive or regulated data.

Remediation

Enable in-transit encryption for all EFS volumes in your ECS task definitions by setting the transitEncryption parameter to "ENABLED" in each volume's efsVolumeConfiguration. Refer to the Amazon EFS encryption in transit documentation for configuration details.
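
The following check is an added example, not part of the original rule or of any AWS tooling. It flags EFS volumes in a task definition whose transitEncryption is missing or not "ENABLED", and shows the corrected form. The sample task definition, its file system IDs, and the function names are constructed for illustration.

```python
import json

# Constructed sample task definition (file system IDs are placeholders).
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "family": "example-app",
  "containerDefinitions": [{"name": "app", "image": "example/app:latest"}],
  "volumes": [
    {"name": "scratch"},
    {"name": "reports",
     "efsVolumeConfiguration": {"fileSystemId": "fs-EXAMPLE1"}},
    {"name": "uploads",
     "efsVolumeConfiguration": {"fileSystemId": "fs-EXAMPLE2",
                                "transitEncryption": "DISABLED"}},
    {"name": "secrets",
     "efsVolumeConfiguration": {"fileSystemId": "fs-EXAMPLE3",
                                "transitEncryption": "ENABLED"}}
  ]
}
""")


def unencrypted_efs_volumes(task_definition):
    """Return names of EFS volumes whose transitEncryption is not ENABLED."""
    # Accept the wrapper that `aws ecs describe-task-definition` returns.
    task_definition = task_definition.get("taskDefinition", task_definition)
    findings = []
    for volume in task_definition.get("volumes") or []:
        efs = volume.get("efsVolumeConfiguration")
        if efs is None:
            continue  # not an EFS volume (bind mount, Docker volume, ...)
        # An omitted parameter means the default, which is disabled.
        if efs.get("transitEncryption", "DISABLED") != "ENABLED":
            findings.append(volume.get("name", "<unnamed>"))
    return findings


def remediate(task_definition):
    """Return a deep copy with transitEncryption ENABLED on every EFS volume."""
    fixed = json.loads(json.dumps(task_definition))
    inner = fixed.get("taskDefinition", fixed)
    for volume in inner.get("volumes") or []:
        if "efsVolumeConfiguration" in volume:
            volume["efsVolumeConfiguration"]["transitEncryption"] = "ENABLED"
    return fixed


if __name__ == "__main__":
    print(unencrypted_efs_volumes(SAMPLE_TASK_DEFINITION))
```

The "reports" volume is flagged even though it never mentions transitEncryption, because an omitted parameter falls back to the disabled default.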