ElastiCache Replication Group Not Encrypted At Transit
- Query id: 1afbb3fa-cf6c-4a3d-b730-95e9f4df343e
- Query name: ElastiCache Replication Group Not Encrypted At Transit
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
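Description
Encryption in transit should be enabled for ElastiCache replication groups: transit_encryption_enabled must be set to true. The query flags a replication group when the attribute is missing or set to false.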
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_elasticache_replication_group" "example" {
  # transit_encryption_enabled is not defined, so the query flags this resource
  automatic_failover_enabled    = true
  availability_zones            = ["us-west-2a", "us-west-2b"]
  replication_group_id          = "tf-rep-group-1"
  replication_group_description = "test description"
  node_type                     = "cache.m4.large"
  number_cache_clusters         = 2
  port                          = 6379
}
Positive test num. 2 - tf file
resource "aws_elasticache_replication_group" "example" {
  automatic_failover_enabled    = true
  availability_zones            = ["us-west-2a", "us-west-2b"]
  replication_group_id          = "tf-rep-group-1"
  replication_group_description = "test description"
  node_type                     = "cache.m4.large"
  number_cache_clusters         = 2
  port                          = 6379
  # Explicitly disabled: flagged by the query
  transit_encryption_enabled    = false
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_elasticache_replication_group" "example3" {
  automatic_failover_enabled    = true
  availability_zones            = ["us-west-2a", "us-west-2b"]
  replication_group_id          = "tf-rep-group-1"
  replication_group_description = "test description"
  node_type                     = "cache.m4.large"
  number_cache_clusters         = 2
  port                          = 6379
  at_rest_encryption_enabled    = true
  # Encryption in transit enabled: not flagged by the query
  transit_encryption_enabled    = true
}
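
The same rule can be checked against a plan instead of the .tf source. The following is an added example, not the query's own code: it reads the JSON form of a Terraform plan (the output of terraform show -json) and reports replication groups whose transit_encryption_enabled is not true. The function name, the resource addresses and the sample plan are constructed for illustration.

```python
import json

RESOURCE_TYPE = "aws_elasticache_replication_group"
ATTRIBUTE = "transit_encryption_enabled"

def find_unencrypted_in_transit(plan):
    """Return (address, reason) for every replication group in a plan JSON
    document whose transit_encryption_enabled is not true after apply."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        value = after.get(ATTRIBUTE)
        if value is True:
            continue
        if (change.get("after_unknown") or {}).get(ATTRIBUTE):
            reason = "unknown until apply"
        elif value is None:
            reason = "attribute missing"
        else:
            reason = "set to false"
        findings.append((rc["address"], reason))
    return findings

# Constructed sample: a trimmed plan with the three cases from this page
# (missing, false, true) plus a group that is being destroyed.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_elasticache_replication_group.missing",
   "type": "aws_elasticache_replication_group",
   "change": {"actions": ["create"], "after": {"port": 6379}}},
  {"address": "aws_elasticache_replication_group.disabled",
   "type": "aws_elasticache_replication_group",
   "change": {"actions": ["create"],
              "after": {"port": 6379, "transit_encryption_enabled": false}}},
  {"address": "aws_elasticache_replication_group.encrypted",
   "type": "aws_elasticache_replication_group",
   "change": {"actions": ["create"],
              "after": {"port": 6379, "transit_encryption_enabled": true}}},
  {"address": "aws_elasticache_replication_group.retired",
   "type": "aws_elasticache_replication_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address, reason in find_unencrypted_in_transit(SAMPLE_PLAN):
        print(f"{address}: {ATTRIBUTE} {reason}")
```

A non-empty result can be used to fail a pipeline step before terraform apply runs.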