Control: 12 DMS endpoints for Redis OSS should have TLS enabled
Description
This control checks whether an AWS DMS endpoint for Redis OSS is configured with a TLS connection. The control fails if the endpoint doesn't have TLS enabled.
TLS provides end-to-end security when data is sent between applications or databases over the internet. When you configure SSL encryption for your DMS endpoint, it enables encrypted communication between the source and target databases during the migration process. This helps prevent eavesdropping and interception of sensitive data by malicious actors. Without SSL encryption, sensitive data may be accessed, resulting in data breaches, data loss, or other security incidents.
Remediation
To enable a TLS connection on DMS endpoints for Redis, see Using Redis as a target for AWS Database Migration Service in the AWS Database Migration Service User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_dms_12Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_dms_12 --shareSQL
This control uses a named query:
select arn as resource, case when endpoint_type <> 'TARGET' then 'skip' when redis_settings is null then 'skip' when (redis_settings ->> 'SslCaCertificateArn') is not null then 'ok' else 'alarm' end as status, case when endpoint_type <> 'TARGET' then title || ' endpoint is not of target type.' when redis_settings is null then title || ' endpoint is not of redis engine type.' when (redis_settings ->> 'SslCaCertificateArn') is not null then title || ' TLS/SSL enabled for redis data stores.' else title || ' TLS/SSL disabled for redis data stores.' end as reason , region, account_idfrom aws_dms_endpoint;