Overview
This report evaluates your AWS environment to assess the encryption-in-transit configuration of services that transmit data over networks. Encryption in transit protects data integrity and confidentiality, and is critical for meeting internal security policies and regulatory standards.
The assessment helps you:
- Identify services and endpoints not enforcing HTTPS or TLS encryption
- Detect insecure ciphers or deprecated protocols
- Reduce the risk of man-in-the-middle (MitM) attacks and data interception
- Improve security posture and compliance readiness
The report includes resource-level details to support rapid remediation.
Services and Evaluation Criteria
Amazon S3
AWS Load Balancers (ELB, ALB, CLB)
- Encrypted Listeners Only
- Classic Load Balancers Use Secure Ciphers Only
- Application Load Balancers Redirect HTTP to HTTPS
Amazon OpenSearch (Elasticsearch)
- In-Transit Encryption Enabled
- Requires HTTPS Connections
Amazon CloudFront
- HTTPS Enforced
- No Deprecated SSL Protocols
Amazon Redshift
- In-Transit Encryption Enabled
AWS Glue
- Database Connection SSL Encrypted
Amazon MSK
- TLS In-Transit Encryption Enabled
Amazon ElastiCache (Redis)
- In-Transit Encryption Enabled
AWS DMS
The final output provides a complete report identifying any resources missing encryption in transit. This supports secure communication paths and protects data as it travels between AWS services, users, and systems.