
aws-network-https-off

Ensure the networking resource enforces the use of HTTPS

This rule currently applies to the following list of resources:

  • ALB
  • ELB
  • CloudFront
  • Elasticsearch

Examples

Insecure Example

# Insecure: this listener accepts plaintext HTTP on port 80, so traffic between
# clients and the load balancer is not encrypted in transit.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.front_end.arn
  port              = "80"
  # HTTP means no TLS is negotiated; no ssl_policy or certificate_arn is set.
  protocol          = "HTTP"

  default_action {
    # Requests are forwarded straight to the target group; nothing in this
    # listener redirects clients to an HTTPS endpoint.
    type             = "forward"
    target_group_arn = aws_lb_target_group.front_end.arn
  }
}
{
  "Type" : "AWS::ElasticLoadBalancingV2::Listener",
  "Properties" : {
      "DefaultActions" : [
          {"Type" : "forward"}
      ],
      "LoadBalancerArn" : "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
      "Port" : 80,
      "Protocol" : "HTTP",
    }
}

Secure Example

# Secure: the listener terminates TLS on port 443, so client traffic to the
# load balancer is encrypted in transit.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.front_end.arn
  port              = "443"
  protocol          = "HTTPS"
  # Predefined ELB security policy; it determines which TLS protocol versions
  # and ciphers the listener will negotiate. Review it against current guidance.
  ssl_policy        = "ELBSecurityPolicy-FS-1-2-2019-08"
  # Certificate presented to clients; this example references an IAM
  # server-certificate ARN.
  certificate_arn   = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"

  default_action {
    # Forward the decrypted requests to the target group.
    type             = "forward"
    target_group_arn = aws_lb_target_group.front_end.arn
  }
}
{
  "Type" : "AWS::ElasticLoadBalancingV2::Listener",
  "Properties" : {
      "DefaultActions" : [
          {"Type" : "forward"}
      ],
      "LoadBalancerArn" : "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
      "Port" : 443,
      "Protocol" : "HTTPS",
      "SslPolicy" : "ELBSecurityPolicy-FS-1-2-2019-08",
      "Certificates" : {
          "CertificateArn" : "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
      }
    }
}

More information