Ensure AWS DAX cluster endpoint uses TLS (Transport Layer Security)

Error: AWS DAX cluster endpoint does not use TLS (Transport Layer Security)

Bridgecrew Policy ID: BC_AWS_GENERAL_144
Checkov Check ID: CKV_AWS_239
Severity: LOW

Description

The Transport Layer Security (TLS) protocol secures transmission of data between servers and web browsers over the Internet using standard encryption technology. To follow security best practices and the latest PCI compliance standards, enable the latest version of the TLS protocol (i.e. TLS 1.2) for all your DAX servers.

Fix - Runtime

Fix - Buildtime

Terraform

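resource "aws_dax_cluster" "pass" {
  cluster_name         = var.cluster_name
  iam_role_arn         = var.iam_role_arn
  # node_type and replication_factor are required by the provider;
  # the variables are placeholders for your own values.
  node_type            = var.node_type
  replication_factor   = var.replication_factor
  parameter_group_name = aws_dax_parameter_group.example.name
  subnet_group_name    = aws_dax_subnet_group.example.name

  # The setting this check looks for: "TLS" encrypts client-to-cluster traffic.
  cluster_endpoint_encryption_type = "TLS"

  # Encryption at rest is a separate setting and does not affect this check.
  server_side_encryption {
    enabled = false # default is false
  }
  tags = { test = "Fail" }
}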