Beta - Nifcloud ELB use HTTP protocol
Ce produit n'est pas pris en charge par le
site Datadog que vous avez sélectionné. (
).
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Id: e2de2b80-2fc2-4502-a764-40930dfcc70a
Cloud Provider: Nifcloud
Platform: Terraform
Severity: High
Category: Insecure Configurations
Learn More
Description
The ELB uses the HTTP protocol. This rule detects NIFCLOUD ELBs attached to the “net-COMMON_GLOBAL” VIP network (network_id == “net-COMMON_GLOBAL” and is_vip_network == true) that are configured with protocol == "HTTP". Such ELBs should use HTTPS to benefit from TLS security features; the rule reports the resource with issueType IncorrectValue and indicates the expected and actual values.
Compliant Code Examples
resource "nifcloud_elb" "negative" {
availability_zone = "east-11"
instance_port = 443
protocol = "HTTPS"
lb_port = 443
network_interface {
network_id = "net-COMMON_GLOBAL"
is_vip_network = true
}
}
Non-Compliant Code Examples
resource "nifcloud_elb" "positive" {
availability_zone = "east-11"
instance_port = 80
protocol = "HTTP"
lb_port = 80
network_interface {
network_id = "net-COMMON_GLOBAL"
is_vip_network = true
}
network_interface {
network_id = "net-COMMON_PRIVATE"
}
}
resource "nifcloud_elb" "positive" {
availability_zone = "east-11"
instance_port = 80
protocol = "HTTP"
lb_port = 80
network_interface {
network_id = "net-COMMON_GLOBAL"
is_vip_network = true
}
}
