turbot/aws_compliance

Control: 5 ElastiCache for Redis replication groups should be encrypted in transit

Description

This control checks if ElastiCache for Redis replication groups are encrypted in transit. This control fails if an ElastiCache for Redis replication group isn't encrypted in transit.

Encrypting data in transit reduces the risk that an unauthorized user can eavesdrop on network traffic. Enabling encryption in transit on an ElastiCache for Redis replication group encrypts your data whenever it's moving from one place to another, such as between nodes in your cluster or between your cluster and your application.
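
The check described above, as an added example in Python (not the mod's named query or any Turbot code): it applies the same pass/fail rule to a constructed sample shaped like the output of aws elasticache describe-replication-groups. Two things here are assumptions of the example and go beyond what this control states: a missing TransitEncryptionEnabled field is treated as a failure, and groups whose TransitEncryptionMode is preferred are annotated because that mode still accepts unencrypted client connections.

```python
import json

# Constructed sample shaped like the output of
# `aws elasticache describe-replication-groups` (not real resources).
SAMPLE = json.loads("""
{
  "ReplicationGroups": [
    {"ReplicationGroupId": "sessions-prod", "TransitEncryptionEnabled": true,
     "TransitEncryptionMode": "required"},
    {"ReplicationGroupId": "cache-migrating", "TransitEncryptionEnabled": true,
     "TransitEncryptionMode": "preferred"},
    {"ReplicationGroupId": "legacy-queue", "TransitEncryptionEnabled": false},
    {"ReplicationGroupId": "unknown-shape"}
  ]
}
""")


def evaluate(response):
    """Return one {resource, status, reason} row per replication group."""
    rows = []
    for group in response.get("ReplicationGroups", []):
        name = group.get("ReplicationGroupId", "<unnamed>")
        # Assumption of this example: a missing field fails closed.
        enabled = group.get("TransitEncryptionEnabled") is True
        if not enabled:
            status, reason = "alarm", f"{name} is not encrypted in transit."
        elif group.get("TransitEncryptionMode") == "preferred":
            # Enabled, but this mode still accepts unencrypted client connections.
            status = "ok"
            reason = f"{name} is encrypted in transit (mode preferred)."
        else:
            status, reason = "ok", f"{name} is encrypted in transit."
        rows.append({"resource": name, "status": status, "reason": reason})
    return rows


def failing(response):
    """Names of the groups that fail the check."""
    return [r["resource"] for r in evaluate(response) if r["status"] == "alarm"]


if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(f'{row["status"]:5} {row["reason"]}')
```
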

Remediation

To configure in-transit encryption on an ElastiCache for Redis replication group, see Enabling in-transit encryption in the Amazon ElastiCache User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_elasticache_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_elasticache_5 --share

SQL

This control uses a named query:

elasticache_replication_group_encryption_in_transit_enabled

Tags