You now can further enhance the security of your applications by encrypting data in transit between your applications and your Amazon DynamoDB Accelerator (DAX) clusters, and between the nodes within a DAX cluster. To use this new feature, enable encryption in transit when creating a DAX cluster and use the latest version of any of the DAX clients. If you enable encryption in transit for a DAX cluster, all requests and responses between your applications and clusters are encrypted by Transport Layer Security (TLS), and connections to the cluster can be authenticated by verification of a cluster X.509 certificate. In addition, the data in transit between the nodes within a cluster also is encrypted. You can enable encryption in transit in the DynamoDB console, AWS CLI, AWS SDKs, and AWS CloudFormation.
Source:: Amazon AWS