Ensure AWS MemoryDB data is encrypted in transit

Error: AWS MemoryDB data is not encrypted in transit

Bridgecrew Policy ID: BC_AWS_GENERAL_164
Checkov Check ID: CKV_AWS_202
Severity: LOW

Description

This policy identifies AWS MemoryDB clusters that are configured with in-transit data encryption disabled. It is recommended that these resources be configured with in-transit data encryption to minimize the risk of sensitive data being leaked.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_memorydb_cluster" "pass2" {
  acl_name                 = "open-access"
  name                     = "my-cluster"
  node_type                = "db.t4g.small"
  num_shards               = 2
  security_group_ids       = [aws_security_group.example.id]
  snapshot_retention_limit = 7
  subnet_group_name        = aws_memorydb_subnet_group.example.id
  # Enables in-transit (TLS) encryption for the cluster
  tls_enabled              = true
}