Control: DMS endpoints for Redis OSS should have TLS enabled
Description
This control checks whether an AWS DMS endpoint for Redis OSS is configured with a TLS connection. The control fails if the endpoint doesn't have TLS enabled.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.dms_endpoint_redis_tls_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.dms_endpoint_redis_tls_enabled --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    -- Only target endpoints are evaluated; other endpoint types are skipped.
    when endpoint_type <> 'TARGET' then 'skip'
    -- Endpoints without redis_settings are not Redis endpoints.
    when redis_settings is null then 'skip'
    -- A configured CA certificate ARN is treated as TLS/SSL being enabled.
    when (redis_settings ->> 'SslCaCertificateArn') is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when endpoint_type <> 'TARGET' then title || ' endpoint is not of target type.'
    when redis_settings is null then title || ' endpoint is not of redis engine type.'
    when (redis_settings ->> 'SslCaCertificateArn') is not null then title || ' TLS/SSL enabled for redis data stores.'
    else title || ' TLS/SSL disabled for redis data stores.'
  end as reason,
  region,
  account_id
from
  aws_dms_endpoint;