ECS Task Definitions with EFS volumes should use in-transit encryption
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | ecs |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
ECS task definitions using EFS volumes are missing in-transit encryption, allowing data to be transmitted between ECS containers and EFS without protection. This exposes sensitive information to interception during network transit.
Impact
Without in-transit encryption, attackers with network access could intercept and read or manipulate data exchanged between ECS tasks and EFS, leading to data breaches, information leakage, or unauthorized data tampering.
Resolution
Enable in-transit encryption when using EFS.
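An added example, not part of the original rule page or the scanner's own code: a check for this misconfiguration over ECS task definition JSON, plus the corrected form. It assumes the ECS API field `volumes[].efsVolumeConfiguration.transitEncryption`; the function names, the sample definition and the `fs-EXAMPLE*` file system IDs are constructed for illustration.

```python
import copy
import json

# Constructed sample task definition; file system IDs are placeholders.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-app",
  "volumes": [
    {"name": "scratch", "host": {}},
    {"name": "shared-implicit",
     "efsVolumeConfiguration": {"fileSystemId": "fs-EXAMPLE1"}},
    {"name": "shared-disabled",
     "efsVolumeConfiguration": {"fileSystemId": "fs-EXAMPLE2",
                                "transitEncryption": "DISABLED"}},
    {"name": "shared-ok",
     "efsVolumeConfiguration": {"fileSystemId": "fs-EXAMPLE3",
                                "transitEncryption": "ENABLED"}}
  ]
}
""")


def find_unencrypted_efs_volumes(doc):
    """Return names of EFS volumes whose transitEncryption is not ENABLED."""
    # `aws ecs describe-task-definition` nests the definition under "taskDefinition".
    task_def = doc.get("taskDefinition", doc)
    findings = []
    for vol in task_def.get("volumes") or []:
        efs = vol.get("efsVolumeConfiguration")
        if not isinstance(efs, dict):
            continue  # bind mount or Docker volume: not covered by this rule
        # An omitted transitEncryption defaults to DISABLED, so it is a finding too.
        if efs.get("transitEncryption", "DISABLED") != "ENABLED":
            findings.append(vol.get("name"))
    return findings


def enable_transit_encryption(doc):
    """Return a copy with transitEncryption set to ENABLED on every EFS volume."""
    fixed = copy.deepcopy(doc)
    for vol in fixed.get("taskDefinition", fixed).get("volumes") or []:
        if isinstance(vol.get("efsVolumeConfiguration"), dict):
            vol["efsVolumeConfiguration"]["transitEncryption"] = "ENABLED"
    return fixed


if __name__ == "__main__":
    print("non-compliant:", find_unencrypted_efs_volumes(SAMPLE_TASK_DEF))
    print("after fix:", find_unencrypted_efs_volumes(enable_transit_encryption(SAMPLE_TASK_DEF)))
```

The volume with no `transitEncryption` key is reported alongside the explicitly disabled one, which is the case a check that only looks for the string `DISABLED` would miss.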