Medium

Ensure MSK (Kafka) clusters have encryption in transit enabled between brokers within a cluster

Security & Compliance
Description

Enabling encryption in transit between brokers within an MSK (Kafka) cluster ensures that data exchanged between the brokers is encrypted, protecting sensitive data from eavesdropping and unauthorized access. This helps preserve the confidentiality and integrity of the data as it is transmitted within the cluster.

Remediation

To enable encryption in transit between brokers within an MSK (Kafka) cluster, follow these remediation steps:

  1. Open the Amazon MSK console.
  2. Click on the name of the MSK cluster for which you want to enable encryption in transit.
  3. In the left navigation pane, select the "Configuration" tab.
  4. Scroll down to the "Encryption in Transit" section.
  5. Select the "Encryption in Transit Between Brokers" option.
  6. Choose the TLS version you want to use from the "TLS version" drop-down list.
  7. Click on the "Save" button to apply the changes.
  8. Wait for the changes to take effect.
  9. Repeat the above steps for each MSK cluster that you want to enable encryption in transit between brokers within a cluster.

By following these remediation steps, you can ensure that MSK (Kafka) clusters have encryption in transit enabled between brokers within a cluster, which helps to secure communication within the cluster.
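To confirm the setting across all clusters after remediation, the check can be run against the cluster descriptions returned by the MSK API. The following is an added example, not Lightlytics code: it evaluates the `EncryptionInTransit.InCluster` field of each cluster, and the cluster names and values in `SAMPLE_CLUSTERS` are constructed for illustration.

```python
"""Audit MSK cluster descriptions for in-cluster (broker-to-broker) TLS."""

# Constructed sample shaped like the ClusterInfoList returned by the MSK
# ListClustersV2 API; names and values are made up for illustration.
SAMPLE_CLUSTERS = [
    {"ClusterName": "orders-prod", "ClusterType": "PROVISIONED",
     "Provisioned": {"EncryptionInfo": {"EncryptionInTransit":
         {"ClientBroker": "TLS", "InCluster": True}}}},
    {"ClusterName": "metrics-dev", "ClusterType": "PROVISIONED",
     "Provisioned": {"EncryptionInfo": {"EncryptionInTransit":
         {"ClientBroker": "TLS_PLAINTEXT", "InCluster": False}}}},
    {"ClusterName": "legacy", "ClusterType": "PROVISIONED",
     "Provisioned": {}},  # encryption block absent from the response
    {"ClusterName": "events-serverless", "ClusterType": "SERVERLESS",
     "Serverless": {}},
]


def in_cluster_status(cluster):
    """Return 'PASS', 'FAIL', 'UNKNOWN' or 'NOT_APPLICABLE' for one cluster."""
    if cluster.get("ClusterType") == "SERVERLESS":
        return "NOT_APPLICABLE"  # Serverless block carries no EncryptionInfo
    # ListClustersV2 nests settings under "Provisioned"; ListClusters and
    # DescribeCluster return EncryptionInfo at the top level of ClusterInfo.
    info = cluster.get("Provisioned", cluster)
    transit = info.get("EncryptionInfo", {}).get("EncryptionInTransit")
    if not transit or "InCluster" not in transit:
        return "UNKNOWN"  # do not assume a default; flag for manual review
    return "PASS" if transit["InCluster"] is True else "FAIL"


def audit(clusters):
    """Map each cluster name to its status."""
    return {c.get("ClusterName", "<unnamed>"): in_cluster_status(c)
            for c in clusters}


def findings(clusters):
    """Names of clusters that need attention (FAIL or UNKNOWN), sorted."""
    return sorted(n for n, s in audit(clusters).items()
                  if s in ("FAIL", "UNKNOWN"))


if __name__ == "__main__":
    # With boto3 and credentials, replace SAMPLE_CLUSTERS with
    # boto3.client("kafka").list_clusters_v2()["ClusterInfoList"]
    # (follow NextToken when the account has many clusters).
    for name, status in audit(SAMPLE_CLUSTERS).items():
        print(f"{status:15} {name}")
```

Clusters reported as `UNKNOWN` returned no in-transit encryption block at all and should be reviewed by hand rather than treated as compliant.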

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.