Beta - CLB listener using insecure protocols

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Beta - CLB listener using insecure protocols

Metadata

Id: fe08b81c-12e9-4b5e-9006-4218fca750fd

Cloud Provider: TencentCloud

Platform: Terraform

Severity: High

Category: Encryption

Learn More

Provider Reference

Description

The CLB listener protocol must not be set to insecure protocols such as TCP, UDP, or HTTP. This rule checks tencentcloud_clb_listener resources and flags any instance where the protocol is one of these insecure values. Resources configured with these protocols are considered insecure and are reported.

Compliant Code Examples

resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "HTTPS"
  port          = 443
}

Non-Compliant Code Examples

resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "TCP"
  port          = 8080
}

resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "UDP"
  port          = 8090
}

resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "HTTP"
  port          = 80
}