Ensure cluster data transfer is encrypted

Description

Data in transit encryption helps prevent unauthorized users from reading sensitive data available on your Redis clusters and their associated cache storage systems.

Rationale

In-transit encryption encrypts your data whenever it is moving from one place to another, such as between nodes in your cluster or between your cluster and your application.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     elasticache

Default Rule

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the transitEncryptionEnabled option is enabled
 */
function validate(databaseSettings) {
    // Boolean() turns a missing object or field (undefined) into false
    const success = Boolean(
        databaseSettings.awsDatabaseInstance &&
        databaseSettings.awsDatabaseInstance.elasticacheCluster &&
        databaseSettings.awsDatabaseInstance.elasticacheCluster.transitEncryptionEnabled
    );

    return {
        success,
    };
}

// invoke
validate(databaseSettings);
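
A strict variant of the rule, run over a constructed inventory, as an added example that is not part of the original rule or the product's own code. The `name` and `tags` fields, the inventory shape, and the helper names `ruleApplies`, `transitEncryptionStrict` and `audit` are assumptions for illustration; unlike the default rule's truthiness test, only the boolean `true` passes here.

```javascript
// Added example: constructed inventory, not data from a real account.
// Assumed shape: each entry has `name`, `tags`, and the settings object the rule reads.
const REQUIRED_TAGS = {
    'secureclouddb/provider': 'aws',
    'secureclouddb/service': 'elasticache',
};

// The rule applies only when every required tag is present with the listed value.
function ruleApplies(tags) {
    return Object.entries(REQUIRED_TAGS)
        .every(([key, value]) => tags != null && tags[key] === value);
}

// Strict check: only the boolean `true` passes, so a missing field or a
// string such as "false" (truthy in JavaScript) is reported as a failure.
function transitEncryptionStrict(databaseSettings) {
    const cluster = databaseSettings?.awsDatabaseInstance?.elasticacheCluster;
    return { success: cluster?.transitEncryptionEnabled === true };
}

// Evaluate each resource and return one finding per resource.
function audit(inventory) {
    return inventory.map(({ name, tags, databaseSettings }) => {
        if (!ruleApplies(tags)) return { name, status: 'not-applicable' };
        const { success } = transitEncryptionStrict(databaseSettings);
        return { name, status: success ? 'pass' : 'fail' };
    });
}

const awsTags = { 'secureclouddb/provider': 'aws', 'secureclouddb/service': 'elasticache' };
const rdsTags = { 'secureclouddb/provider': 'aws', 'secureclouddb/service': 'rds' };
const settings = (value) => ({
    awsDatabaseInstance: { elasticacheCluster: { transitEncryptionEnabled: value } },
});

const inventory = [ // constructed sample resources
    { name: 'cache-encrypted', tags: awsTags, databaseSettings: settings(true) },
    { name: 'cache-plaintext', tags: awsTags, databaseSettings: settings(false) },
    { name: 'cache-string-flag', tags: awsTags, databaseSettings: settings('false') },
    { name: 'cache-no-settings', tags: awsTags, databaseSettings: { awsDatabaseInstance: {} } },
    { name: 'other-service', tags: rdsTags, databaseSettings: settings(false) },
];

for (const finding of audit(inventory)) {
    console.log(`${finding.name}: ${finding.status}`);
}
```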