Ensure AWS Appsync API Cache is encrypted in transit

Error: AWS Appsync API Cache is not encrypted in transit

Bridgecrew Policy ID: BC_AWS_GENERAL_140
Checkov Check ID: CKV_AWS_215
Severity: LOW

Description

This policy identifies AWS Appsync APIs that are configured with in-transit data encryption disabled. It is recommended that these resources be configured with in-transit data encryption enabled to minimize the risk of sensitive data being leaked.

Fix - Runtime

Fix - Buildtime

Terraform

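# Passing configuration. aws_appsync_graphql_api.default is assumed to be
# defined elsewhere in the same Terraform configuration.
resource "aws_appsync_api_cache" "pass" {
  api_id                     = aws_appsync_graphql_api.default.id
  # Must be true to pass CKV_AWS_215
  transit_encryption_enabled = true
  at_rest_encryption_enabled = true
  ttl                        = 60
  type                       = "SMALL"
  api_caching_behavior       = "FULL_REQUEST_CACHING"
}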