In-transit encryption (TLS) in MemoryDB - Amazon MemoryDB for Redis
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

In-transit encryption (TLS) in MemoryDB

To help keep your data secure, MemoryDB for Redis and Amazon EC2 provide mechanisms to guard against unauthorized access of your data on the server. By providing in-transit encryption capability, MemoryDB gives you a tool you can use to help protect your data when it is moving from one location to another. For example, you might move data from a primary node to a read replica node within a cluster, or between your cluster and your application.

In-transit encryption overview

MemoryDB for Redis in-transit encryption is a feature that increases the security of your data at its most vulnerable points—when it is in transit from one location to another.

MemoryDB in-transit encryption implements the following features:

  • Encrypted connections—both the server and client connections are Transport Layer Security (TLS) encrypted.

  • Encrypted replication—data moving between a primary node and replica nodes is encrypted.

  • Server authentication—clients can authenticate that they are connecting to the right server.

From 07/20/2023, TLS 1.2 is the minimum supported version for new and existing clusters. Use this link to learn more about TLS 1.2 at Amazon.

For more information on connecting to MemoryDB clusters, see Connecting to MemoryDB nodes using redis-cli.

See also