AWS ECS Task Definition has transit encryption disabled, which may lead to sensitive data exposure.
A task definition can have Transit Encryption configured for EFS volumes either when it is created or when a new revision is created. However, if a new revision is created, there could still be services running with the insecure configuration, even if the prior revision is de-registered. To properly remediate this scenario, a new task definition must be created, with all new services generated from the new task definition. When creating an ECS task definition in the AWS console, follow the steps below. For more information, see the AWS documentation (below).
In AWS Console:
In Terraform:
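A Terraform configuration that follows the remediation described above, added here as an example and not taken from the original page. The resource names, task family, container image and the three input variables are placeholders chosen for illustration.

```hcl
# Added example; names, image and variables are placeholders.
variable "efs_file_system_id" { type = string }
variable "efs_access_point_id" { type = string }
variable "ecs_cluster_arn" { type = string }

# New task definition (new family), so that no service can keep
# running an older revision that has transit encryption disabled.
resource "aws_ecs_task_definition" "app_encrypted" {
  family = "app-efs-encrypted"

  container_definitions = jsonencode([
    {
      name      = "app"
      image     = "example/app:latest"
      memory    = 512
      essential = true
      mountPoints = [
        { sourceVolume = "app-data", containerPath = "/data", readOnly = false }
      ]
    }
  ])

  volume {
    name = "app-data"

    efs_volume_configuration {
      file_system_id     = var.efs_file_system_id
      transit_encryption = "ENABLED" # omitted or "DISABLED" leaves the EFS traffic unencrypted

      authorization_config {
        access_point_id = var.efs_access_point_id
        iam             = "ENABLED" # IAM authorization requires transit encryption
      }
    }
  }
}

# Service generated from the new task definition.
resource "aws_ecs_service" "app" {
  name            = "app"
  cluster         = var.ecs_cluster_arn
  task_definition = aws_ecs_task_definition.app_encrypted.arn
  desired_count   = 1
}
```

Services that still reference a revision of the old task definition are not changed by this configuration and have to be replaced or pointed at the new one.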
References:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition