For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/code_security/iac_security/iac_rules/terraform-nifcloud-elb-use-http.md. A documentation index is available at /llms.txt.

NIFCLOUD ELB using HTTP protocol

This product is not supported for your selected Datadog site. ().

Metadata

Id: terraform-nifcloud-elb-use-http

Provider: Nifcloud

Platform: Terraform

Severity: Medium

Category: Networking and Firewall

Learn More

Description

The ELB uses the HTTP protocol. This rule detects NIFCLOUD ELBs attached to the “net-COMMON_GLOBAL” VIP network (network_id == “net-COMMON_GLOBAL” and is_vip_network == true) that are configured with protocol == "HTTP". Such ELBs should use HTTPS to benefit from TLS security features; the rule reports the resource with issueType IncorrectValue and indicates the expected and actual values.

Compliant Code Examples

resource "nifcloud_elb" "negative" {
  availability_zone = "east-11"
  instance_port     = 443
  protocol          = "HTTPS"
  lb_port           = 443

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }
}

Non-Compliant Code Examples

resource "nifcloud_elb" "positive" {
  availability_zone = "east-11"
  instance_port     = 80
  protocol          = "HTTP"
  lb_port           = 80

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }
}

resource "nifcloud_elb" "positive" {
  availability_zone = "east-11"
  instance_port     = 80
  protocol          = "HTTP"
  lb_port           = 80

  network_interface {
    network_id     = "net-COMMON_GLOBAL"
    is_vip_network = true
  }

  network_interface {
    network_id     = "net-COMMON_PRIVATE"
  }
}