How do I determine what AWS assets are in a given VPC? And if they are all in a VPC, is there any reason to use in-transit encryption between them?

amazon-web-services amazon-vpc

This question has some good answers and examples regarding how to find everything on a given VPC.

As for the in-transit encryption, I would say you should absolutely have in-transit encryption of data inside the VPC. Security works best when practiced in layers - you're putting assets in a VPC and only exposing things to the Internet that absolutely need to be. The next step is to encrypt data in transit so that if somehow someone did get inside the VPC, they couldn't easily sniff out information. You may also consider encryption at rest so they can't just grab files from the filesystem and run either.

Nowadays, SSL certificates are dirt cheap, and private PKI infrastructure is easy to operate (even moreso inside AWS with ACM). These should be considered a minimum best practice for sure.

Related

Identifying the TLD and SLD of a URL
ImagePullBackOff Kubernetes from Google Cloud Container Registry
SSHing between EC2 instances without having to provide key
docker - cannot connect to exposed port on container using host ip
How to log the IP that connects from outside of company to terminal server?
Is it safe to symlink complete /var directory
How to query Oracle VM REST API with curl?
Use `chsh` on GCP VM in order to change from bash to zshell, default password is unknown
Basic auth Apache and multiple IP conditions
Is the ppa:ondrej/php repository safe?
Non-Systemd Based Linux Services
Postfix change "From: " address when redirecting received email