Ce produit n'est pas pris en charge par le
site Datadog que vous avez sélectionné. (
).
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Id: ee3b1557-9fb5-4685-a95d-93f1edf2a0d7
Cloud Provider: Alicloud
Platform: Terraform
Severity: Medium
Category: Networking and Firewall
Learn More
Description
Application Load Balancer (alb) listeners should not use HTTP.
Listeners configured with listener_protocol = "HTTP" expose unencrypted traffic. In Terraform, set listener_protocol = "HTTPS" for alicloud_alb_listener resources to enforce TLS termination and secure data in transit.
Compliant Code Examples
resource "alicloud_alb_listener" "negative" {
load_balancer_id = alicloud_alb_load_balancer.default_3.id
listener_protocol = "HTTPS"
listener_port = 443
listener_description = "createdByTerraform"
default_actions {
type = "ForwardGroup"
forward_group_config {
server_group_tuples {
server_group_id = alicloud_alb_server_group.default.id
}
}
}
certificates {
certificate_id = join("", [alicloud_ssl_certificates_service_certificate.default.id, "-cn-hangzhou"])
}
acl_config {
acl_type = "White"
acl_relations {
acl_id = alicloud_alb_acl.example.id
}
}
}
Non-Compliant Code Examples
resource "alicloud_alb_listener" "positive" {
load_balancer_id = alicloud_alb_load_balancer.default_3.id
listener_protocol = "HTTP"
listener_port = 443
listener_description = "createdByTerraform"
default_actions {
type = "ForwardGroup"
forward_group_config {
server_group_tuples {
server_group_id = alicloud_alb_server_group.default.id
}
}
}
certificates {
certificate_id = join("", [alicloud_ssl_certificates_service_certificate.default.id, "-cn-hangzhou"])
}
acl_config {
acl_type = "White"
acl_relations {
acl_id = alicloud_alb_acl.example.id
}
}
}
