- GG_ID: GG_IAC_0054
- Severity: HIGH
- Complexity: HIGH
- Categories: DATA, NETWORK, PERMISSION
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
Amazon Managed Streaming for Apache Kafka (MSK) is a fully managed service that enables users to build and run applications that use Apache Kafka to process streaming data.
Amazon MSK encrypts data in transit with TLS by default. This default configuration should not be overridden.
Not encrypting data in transit could lead to a data leak in case of an attack.
The in-transit encryption can't be modified for an existing MSK cluster.
A replacement cluster must be built with the
TLS and the
in_cluster parameter set to to
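
The following Terraform sketch is an added example, not part of the original policy page. It shows an `aws_msk_cluster` that overrides the TLS default next to one that keeps in-transit encryption on. It assumes the cluster is managed with the Terraform AWS provider; the resource names, variables, Kafka version and instance type are constructed placeholders.

```hcl
# Constructed example: names, variables and versions are placeholders.
variable "subnet_ids" { type = list(string) }
variable "security_group_id" { type = string }

# Non-compliant: the TLS default is overridden.
resource "aws_msk_cluster" "plaintext" {
  cluster_name           = "example-plaintext"
  kafka_version          = "3.6.0"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = [var.security_group_id]
  }

  encryption_info {
    encryption_in_transit {
      client_broker = "PLAINTEXT" # client-to-broker traffic is not encrypted
      in_cluster    = false       # broker-to-broker traffic is not encrypted
    }
  }
}

# Compliant: in-transit encryption is enforced on both paths.
# Declaring the block explicitly makes the intent reviewable, even though
# these values match the service defaults.
resource "aws_msk_cluster" "encrypted" {
  cluster_name           = "example-encrypted"
  kafka_version          = "3.6.0"
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = [var.security_group_id]
  }

  encryption_info {
    encryption_in_transit {
      client_broker = "TLS" # "TLS_PLAINTEXT" would still accept unencrypted clients
      in_cluster    = true
    }
  }
}
```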