AWS036 - Elasticache Replication Group uses unencrypted traffic.

Written by tfsec

Explanation

Traffic flowing between Elasticache replication nodes should be encrypted to ensure sensitive data is kept private.

Insecure Example

The following example will fail the AWS036 check.

resource "aws_elasticache_replication_group" "bad_example" {
        replication_group_id = "foo"
        replication_group_description = "my foo cluster"

        transit_encryption_enabled = false
}

Secure Example

The following example will pass the AWS036 check.

resource "aws_elasticache_replication_group" "good_example" {
        replication_group_id = "foo"
        replication_group_description = "my foo cluster"

        transit_encryption_enabled = true
}

Related Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_replication_group#transit_encryption_enabled

• https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html

---