0

We set up an AWS Redis cluster which is accessible only from our applications, which are deployed in AWS in the same VPC. So our AWS Redis cluster is not accessible from outside of AWS, and is not even accessible by other AWS services that don't have the same security group.

It would be nice if anybody could explain whether we still need SSL (encryption in transit) or not, and why we need it.

1 Answer

0

Redis has been designed for use within a trusted private network, and does not support SSL encrypted connections. While that is OK for many implementations, it does not lend itself well to cloud-based implementations. While some cloud providers offer private networks, not all of them do. So if you want to run a Redis master on one server and your application on another, you have no choice but to leave that connection unencrypted, leaving that sensitive traffic to be sent across the cloud provider's network or even the general internet with no protection from someone with a network sniffer.

Source: https://redislabs.com/blog/stunnel-secure-redis-ssl/
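
To make concrete what "no protection" means on the wire, the following added example (not part of the answer above or of the linked post) decodes a plaintext Redis protocol (RESP) client stream and contrasts it with the start of a TLS connection. Both byte strings, including the password, key and value, are constructed for the example, and the function names are hypothetical.

```python
"""Show what is readable in a Redis client stream with and without TLS."""

# Constructed sample: bytes a client sends over an unencrypted connection.
PLAINTEXT = (
    b"*2\r\n$4\r\nAUTH\r\n$12\r\nexample-pass\r\n"
    b"*3\r\n$3\r\nSET\r\n$14\r\nsession:u:1001\r\n$11\r\ntoken=abc12\r\n"
)
# Constructed sample: first bytes of a TLS handshake record (type 0x16, v3.x).
TLS_START = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"

def _read_line(buf, pos):
    end = buf.index(b"\r\n", pos)  # raises ValueError on a truncated stream
    return buf[pos:end], end + 2

def parse_commands(buf):
    """Parse RESP arrays of bulk strings, the form clients use for commands."""
    pos, commands = 0, []
    while pos < len(buf):
        header, pos = _read_line(buf, pos)
        if not header.startswith(b"*"):
            raise ValueError("expected RESP array header, got %r" % header)
        args = []
        for _ in range(int(header[1:])):
            size_line, pos = _read_line(buf, pos)
            if not size_line.startswith(b"$"):
                raise ValueError("expected bulk string header")
            size = int(size_line[1:])
            if buf[pos + size:pos + size + 2] != b"\r\n":
                raise ValueError("truncated or malformed bulk string")
            args.append(buf[pos:pos + size])
            pos += size + 2
        commands.append(args)
    return commands

def looks_like_tls(buf):
    """True if the stream opens with a TLS handshake record header."""
    return len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03

def readable_credentials(buf):
    """Passwords visible to anyone on the path; empty when the stream is TLS."""
    if looks_like_tls(buf):
        return []
    return [args[-1].decode() for args in parse_commands(buf)
            if len(args) >= 2 and args[0].upper() == b"AUTH"]

if __name__ == "__main__":
    for name, stream in (("plaintext", PLAINTEXT), ("tls", TLS_START)):
        print(name, readable_credentials(stream))
```

The same applies to every key and value in the stream, not only `AUTH`: `parse_commands(PLAINTEXT)` returns the `SET` arguments verbatim.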