From 9a867df2c6482b165dab84a5271b89b5661d19e0 Mon Sep 17 00:00:00 2001
From: Jeremy Wood <jeremy.wood@7factor.io>
Date: Fri, 29 Sep 2023 16:43:54 -0400
Subject: [PATCH] Force transit encryption when using authorization_config on
 efs volumes.

---
 ecs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ecs.tf b/ecs.tf
index 3c51cb3..f693c75 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -43,7 +43,7 @@ resource "aws_ecs_task_definition" "main_task" {
       efs_volume_configuration {
         file_system_id          = volume.value.file_system_id
         root_directory          = volume.value.root_directory
-        transit_encryption      = coalesce(volume.value.transit_encryption, "DISABLED")
+        transit_encryption      = coalesce(volume.value.transit_encryption, volume.value.authorization_config != null ? "ENABLED" : "DISABLED")
         transit_encryption_port = volume.value.transit_encryption_port
 
         dynamic "authorization_config" {