aws-network-https-off
Ensure that the networking resource enforces the use of HTTPS. Plain HTTP leaves traffic between clients and the resource unencrypted in transit.
This rule currently applies to the following list of resources:
- ALB
- ELB
- CloudFront
- Elasticsearch
Examples
Insecure Example (Terraform, followed by the equivalent CloudFormation resource)
# Insecure: this listener accepts plaintext HTTP on port 80 and forwards it
# to the target group, so client traffic to the load balancer is not
# encrypted in transit. This is the configuration the rule flags.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.front_end.arn

  # Protocol "HTTP" means no TLS: there is no certificate_arn or ssl_policy.
  protocol = "HTTP"
  port     = "80"

  default_action {
    target_group_arn = aws_lb_target_group.front_end.arn
    type             = "forward"
  }
}
{
"Type" : "AWS::ElasticLoadBalancingV2::Listener",
"Properties" : {
"DefaultActions" : [
{"Type" : "forward"}
],
"LoadBalancerArn" : "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
"Port" : 80,
"Protocol" : "HTTP",
}
}
Secure Example (Terraform, followed by the equivalent CloudFormation resource)
# Secure: the listener terminates TLS on port 443 with an explicit
# certificate and security policy before forwarding to the target group.
# If an HTTP listener is also kept on this load balancer, it should redirect
# to HTTPS rather than forward, otherwise plaintext access remains possible.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.front_end.arn

  protocol = "HTTPS"
  port     = "443"

  # Predefined ELB security policy that fixes the accepted TLS versions and
  # ciphers; review it periodically against the policies AWS publishes.
  ssl_policy = "ELBSecurityPolicy-FS-1-2-2019-08"

  # Server certificate presented to clients (here an IAM server certificate).
  certificate_arn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"

  default_action {
    target_group_arn = aws_lb_target_group.front_end.arn
    type             = "forward"
  }
}
{
"Type" : "AWS::ElasticLoadBalancingV2::Listener",
"Properties" : {
"DefaultActions" : [
{"Type" : "forward"}
],
"LoadBalancerArn" : "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
"Port" : 443,
"Protocol" : "HTTPS",
"SslPolicy" : "ELBSecurityPolicy-FS-1-2-2019-08",
"Certificates" : {
"CertificateArn" : "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
}
}
}