If I have an application running on EC2, say a container that was spun off. Now if the application inside the container is accessing an RDS database, I am assuming both components are within an AWS data center. Is it recommended to encrypt the data in transit between the container and RDS?
"recommended" – it just depends on your needs. Some compliance needs require "end-to-end" encryption – then you would do it. Some compliance needs just state "encryption when travelling public networks" – then you may not. Some would just say encrypt all the time – what is there to lose? Yes, you do have something to lose: performance, as encryption is an expensive operation.
I am assuming both the components are within AWS Data Center.
If you are using a VPC service endpoint for the RDS service, then the traffic flows only inside your VPC network.
If you use a public RDS endpoint to address the RDS instance, then the traffic goes between the public IP of your EC2 instance and the RDS public endpoint. So make sure you use the internal RDS endpoint (IMHO, for a DB you should not create any public endpoint by default).
Is it recommended to encrypt the data in transit between container and RDS?
It depends – as already answered, there are cases when encryption is required even on internal traffic, based on the compliance rules you are bound to. Some databases will require an SSL connection anyway (MySQL). IMHO you should use TLS/SSL if available even on internal networks, as it provides a way to ensure the endpoint's identity.
encryption is an expensive operation
That’s not really true. What is expensive is setting up a new TLS/SSL connection. So if you can pool the database connections, the encryption itself has very little performance overhead.
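As an added example (not code from any of the answers above), the three points made in this thread in Python: confirm the RDS endpoint resolves only to private, VPC-internal addresses, build a TLS context that verifies the server certificate and hostname, and reuse connections from a pool so the handshake cost is paid once rather than per query. The CA bundle path and the driver connect factory are assumptions you supply.

```python
import ipaddress
import ssl
import threading
from queue import Empty, LifoQueue

def endpoint_is_private(addresses):
    """True only if every resolved address is private (RFC 1918 / ULA), i.e. VPC-internal.
    In production feed it the addresses from socket.getaddrinfo(<rds endpoint>, None)."""
    return all(ipaddress.ip_address(a).is_private for a in addresses)

def make_tls_context(ca_bundle_path=None):
    """TLS context that fails closed: server certificate and hostname are both verified.
    ca_bundle_path is the RDS CA bundle you downloaded (assumed path, e.g. rds-ca.pem)."""
    ctx = ssl.create_default_context(cafile=ca_bundle_path)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

class ConnectionPool:
    """Minimal pool: a pooled connection pays the TLS handshake only once."""
    def __init__(self, connect, size):
        self._connect = connect      # factory: your DB driver's connect() using the context
        self._idle = LifoQueue(maxsize=size)
        self._lock = threading.Lock()
        self._size = size
        self.handshakes = 0          # number of times the expensive factory ran

    def acquire(self):
        try:
            return self._idle.get_nowait()   # reuse an idle connection, no new handshake
        except Empty:
            pass
        with self._lock:
            if self.handshakes < self._size:
                self.handshakes += 1
                return self._connect()       # the expensive part happens only here
        return self._idle.get()              # pool exhausted: wait for a release

    def release(self, conn):
        self._idle.put(conn)

def run_queries(pool, count, query):
    """Borrow one connection per query and hand it back; returns handshakes paid."""
    for _ in range(count):
        conn = pool.acquire()
        try:
            query(conn)
        finally:
            pool.release(conn)
    return pool.handshakes
```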