Control: 5 ElastiCache for Redis replication groups should be encrypted in transit
Description
This control checks if ElastiCache for Redis replication groups are encrypted in transit. This control fails if an ElastiCache for Redis replication group isn't encrypted in transit.
Encrypting data in transit reduces the risk that an unauthorized user can eavesdrop on network traffic. Enabling encryption in transit on an ElastiCache for Redis replication group encrypts your data whenever it's moving from one place to another, such as between nodes in your cluster or between your cluster and your application.
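The pass/fail rule described above, as an added example (it is not the mod's named query): it evaluates a constructed response shaped like `aws elasticache describe-replication-groups` output. It goes one step beyond the control by also reporting groups whose `TransitEncryptionMode` is `preferred`, which still accept unencrypted connections; the function names and sample IDs are assumptions.

```python
import json

# Constructed sample, shaped like `aws elasticache describe-replication-groups`
# output and trimmed to the fields used here. IDs are made up.
SAMPLE_RESPONSE = json.loads("""
{"ReplicationGroups": [
  {"ReplicationGroupId": "sessions-a", "TransitEncryptionEnabled": true,
   "TransitEncryptionMode": "required"},
  {"ReplicationGroupId": "cache-b", "TransitEncryptionEnabled": true,
   "TransitEncryptionMode": "preferred"},
  {"ReplicationGroupId": "legacy-c", "TransitEncryptionEnabled": false},
  {"ReplicationGroupId": "unknown-d"}
]}
""")


def evaluate(response):
    """Return one row per replication group: alarm unless TLS is enabled."""
    rows = []
    for group in response.get("ReplicationGroups", []):
        name = group.get("ReplicationGroupId", "<unnamed>")
        # Fail closed: a missing or non-boolean field counts as not encrypted.
        enabled = group.get("TransitEncryptionEnabled") is True
        # Added beyond the control's rule: "preferred" mode keeps accepting
        # plaintext clients, so report it even though the control passes.
        mode = group.get("TransitEncryptionMode")
        plaintext_allowed = (not enabled) or mode == "preferred"
        rows.append({
            "resource": name,
            "status": "ok" if enabled else "alarm",
            "plaintext_allowed": plaintext_allowed,
        })
    return rows


def failing(rows):
    """Names of the groups that fail the control."""
    return [r["resource"] for r in rows if r["status"] == "alarm"]


if __name__ == "__main__":
    for row in evaluate(SAMPLE_RESPONSE):
        print(row)
```
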
Remediation
To configure in-transit encryption on an ElastiCache for Redis replication group, see Enabling in-transit encryption in the Amazon ElastiCache User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_elasticache_5
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_elasticache_5 --share
SQL
This control uses a named query:
elasticache_replication_group_encryption_in_transit_enabled