AWS Elastic Load Balancer v2 (ELBv2) listeners that allow connection requests over HTTP
Description
This policy identifies Elastic Load Balancer v2 (ELBv2) listeners that are configured to accept connection requests over HTTP instead of HTTPS. As a best practice, use the HTTPS protocol so that traffic between application clients and the Application Load Balancer is encrypted in transit; an HTTP listener exposes request and response contents, including cookies and credentials, to anyone on the network path.
Code Example
```hcl
resource "aws_lb_listener" "example_https" {
  ...
  protocol = "HTTPS"
}
```
Remediation
Terraform
To fix this issue, set the `protocol` argument of the `aws_lb_listener` (or `aws_alb_listener`) resource to "HTTPS", or, for a Network Load Balancer, to "TLS", "TCP", "UDP" or "TCP_UDP". A listener may keep `protocol = "HTTP"` only when its `default_action` is a `redirect` to HTTPS, so that clients arriving on port 80 are sent to the encrypted listener. Note that "TCP", "UDP" and "TCP_UDP" satisfy this check without the load balancer encrypting anything itself; on a Network Load Balancer choose "TLS" when the listener should terminate TLS.
Example:
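The remediation described above, as an added example that is not part of this policy page or of the Checkov project: the non-compliant plaintext listener, followed by the two listeners that replace it, an HTTP listener whose only job is to redirect to HTTPS and the HTTPS listener that terminates TLS. The `aws_lb.example`, `aws_lb_target_group.example` and `aws_acm_certificate.example` resources referenced here are assumed to be defined elsewhere in the configuration, and the `ssl_policy` shown is one of AWS's predefined policies that allows only TLS 1.2 and 1.3.

```hcl
# Added example (not the policy's own code). The aws_lb, aws_lb_target_group
# and aws_acm_certificate resources named "example" are assumed to exist.

# BEFORE (non-compliant): a plaintext HTTP listener that forwards straight to
# the targets. CKV_AWS_2 flags this because protocol is HTTP and the default
# action is not a redirect to HTTPS. It cannot coexist with the port 80
# listener below; it is shown only as the state the two listeners replace.
resource "aws_lb_listener" "http_forward_noncompliant" {
  load_balancer_arn = aws_lb.example.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.example.arn
  }
}

# AFTER, part 1 (compliant): keep port 80 open only to send clients to HTTPS.
# A permanent redirect (301) lets browsers cache the upgrade.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.example.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

# AFTER, part 2 (compliant): the HTTPS listener terminates TLS at the ALB
# with an ACM certificate and a TLS 1.2/1.3-only security policy, then
# forwards to the target group.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.example.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate.example.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.example.arn
  }
}
```

To confirm the fix locally, run `checkov -d . --check CKV_AWS_2` in the directory holding the configuration: the `http_forward_noncompliant` resource is reported as failed, while `http_redirect` and `https` pass. Redirecting on port 80 rather than deleting the listener outright avoids breaking clients that still use plain `http://` links, while ensuring no application traffic is served in plaintext.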
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0057 |
| Severity | MEDIUM |
| IaC Type | CloudFormation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_2 |