Beta - Nifcloud ELB use HTTP protocol

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: e2de2b80-2fc2-4502-a764-40930dfcc70a

Cloud Provider: Nifcloud

Platform: Terraform

Severity: High

Category: Insecure Configurations

Learn More

Description

The ELB uses the HTTP protocol. This rule detects NIFCLOUD ELBs attached to the “net-COMMON_GLOBAL” VIP network (network_id == “net-COMMON_GLOBAL” and is_vip_network == true) that are configured with protocol == "HTTP". Such ELBs should use HTTPS to benefit from TLS security features; the rule reports the resource with issueType IncorrectValue and indicates the expected and actual values.

Compliant Code Examples

resource "nifcloud_elb" "negative" {
  availability_zone = "east-11"
  instance_port     = 443
  protocol          = "HTTPS"
  lb_port           = 443

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }
}

Non-Compliant Code Examples

resource "nifcloud_elb" "positive" {
  availability_zone = "east-11"
  instance_port     = 80
  protocol          = "HTTP"
  lb_port           = 80

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }

  network_interface {
    network_id     = "net-COMMON_PRIVATE"
  }
}

resource "nifcloud_elb" "positive" {
  availability_zone = "east-11"
  instance_port     = 80
  protocol          = "HTTP"
  lb_port           = 80

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }
}