For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/code_security/iac_security/iac_rules/terraform-alicloud-api-gateway-api-protocol-not-https.md. A documentation index is available at /llms.txt.

API Gateway API protocol not HTTPS

This product is not supported for your selected Datadog site. ().

Metadata

Id: terraform-alicloud-api-gateway-api-protocol-not-https

Provider: Alicloud

Platform: Terraform

Severity: Medium

Category: Networking and Firewall

Learn More

Description

API Gateway APIs must use HTTPS. This rule flags alicloud_api_gateway_api resources where request_config.protocol is not set to HTTPS. It supports both single and indexed forms of request_config, and reports the resource name and attribute location.

Compliant Code Examples

resource "alicloud_api_gateway_group" "apiGroup" {
  name        = "ApiGatewayGroup"
  description = "description of the api group"
}

resource "alicloud_api_gateway_api" "apiGatewayApi" {
  name        = alicloud_api_gateway_group.apiGroup.name
  group_id    = alicloud_api_gateway_group.apiGroup.id
  description = "your description"
  auth_type   = "APP"
  force_nonce_check = false

  request_config {
    protocol = "HTTPS"
    method   = "GET"
    path     = "/test/path1"
    mode     = "MAPPING"
  }

  service_type = "HTTP"

  http_service_config {
    address   = "https://apigateway-backend.alicloudapi.com:8080"
    method    = "GET"
    path      = "/web/cloudapi"
    timeout   = 12
    aone_name = "cloudapi-openapi"
  }

  request_parameters {
    name         = "aaa"
    type         = "STRING"
    required     = "OPTIONAL"
    in           = "QUERY"
    in_service   = "QUERY"
    name_service = "testparams"
  }

  stage_names = [
    "RELEASE",
    "TEST",
  ]
}

Non-Compliant Code Examples

resource "alicloud_api_gateway_group" "apiGroup" {
  name        = "ApiGatewayGroup"
  description = "description of the api group"
}

resource "alicloud_api_gateway_api" "apiGatewayApi" {
  name        = alicloud_api_gateway_group.apiGroup.name
  group_id    = alicloud_api_gateway_group.apiGroup.id
  description = "your description"
  auth_type   = "APP"
  force_nonce_check = false

  request_config {
    protocol = "HTTP"
    method   = "GET"
    path     = "/test/path1"
    mode     = "MAPPING"
  }

  service_type = "HTTP"

  http_service_config {
    address   = "http://apigateway-backend.alicloudapi.com:8080"
    method    = "GET"
    path      = "/web/cloudapi"
    timeout   = 12
    aone_name = "cloudapi-openapi"
  }

  request_parameters {
    name         = "aaa"
    type         = "STRING"
    required     = "OPTIONAL"
    in           = "QUERY"
    in_service   = "QUERY"
    name_service = "testparams"
  }

  stage_names = [
    "RELEASE",
    "TEST",
  ]
}

resource "alicloud_api_gateway_group" "apiGroup" {
  name        = "ApiGatewayGroup"
  description = "description of the api group"
}

resource "alicloud_api_gateway_api" "apiGatewayApi" {
  name        = alicloud_api_gateway_group.apiGroup.name
  group_id    = alicloud_api_gateway_group.apiGroup.id
  description = "your description"
  auth_type   = "APP"
  force_nonce_check = false

  request_config {
    protocol = "HTTP"
    method   = "GET"
    path     = "/test/path1"
    mode     = "MAPPING"
  }

  request_config {
    protocol = "HTTP"
    method   = "GET"
    path     = "/test/path2"
    mode     = "MAPPING"
  }

  service_type = "HTTP"

  http_service_config {
    address   = "http://apigateway-backend.alicloudapi.com:8080"
    method    = "GET"
    path      = "/web/cloudapi"
    timeout   = 12
    aone_name = "cloudapi-openapi"
  }

  request_parameters {
    name         = "aaa"
    type         = "STRING"
    required     = "OPTIONAL"
    in           = "QUERY"
    in_service   = "QUERY"
    name_service = "testparams"
  }

  stage_names = [
    "RELEASE",
    "TEST",
  ]
}