Transfer server does not force secure protocols.
Description
This policy verifies that the AWS Transfer Server only allows secure protocols. This matters because insecure protocols can be exploited to access sensitive data, perform unauthorized actions, or compromise the system. Insecure protocols are more exposed to attacks such as eavesdropping, man-in-the-middle attacks, and injection attacks. Enforcing secure protocols keeps network communication encrypted and protected from such breaches, which is an important factor in maintaining the confidentiality, integrity, and availability of data and services.
Code Example
The line marked with + is the argument the remediation adds; the block is Terraform (HCL), not Go.
```hcl
resource "aws_transfer_server" "example" {
  endpoint_type = "VPC"
  endpoint_details {
    vpc_id = aws_vpc.example.id
    subnet_ids = [
      aws_subnet.example1.id,
      aws_subnet.example2.id,
    ]
  }
  identity_provider_type = "SERVICE_MANAGED"
+ protocols              = ["SFTP"]
  logging_role           = aws_iam_role.example.arn
}
```
Remediation
Terraform
- Resource: aws_transfer_server
- Arguments: protocols
To fix this issue, set the protocols argument of the given AWS Transfer Server so that it only allows secure protocols, as in the code example above.
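As an added illustration (not Checkov's own implementation), the following Python check applies the same rule to a Terraform plan JSON as produced by `terraform show -json`, which is the input the TerraformPlan framework scans. The sample plan is constructed, and treating a missing protocols argument as the provider default of SFTP is an assumption.

```python
"""Standalone check with the intent of CKV_AWS_357, run over a Terraform plan JSON.

Added example, not Checkov's code. Assumes the `terraform show -json` layout
(planned_values.root_module.resources, nested child_modules) and flags any
aws_transfer_server whose protocols list contains "FTP". A missing protocols
argument is treated as the provider default ["SFTP"] (assumption).
"""
import json

INSECURE_PROTOCOLS = {"FTP"}   # plaintext control and data channels
DEFAULT_PROTOCOLS = ["SFTP"]   # assumed provider default when the argument is omitted

# Constructed sample plan: a compliant server, one that also enables FTP,
# one that omits protocols, and an unrelated resource that must be ignored.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_transfer_server.sftp_only", "type": "aws_transfer_server",
         "values": {"protocols": ["SFTP"], "endpoint_type": "VPC"}},
        {"address": "aws_transfer_server.legacy", "type": "aws_transfer_server",
         "values": {"protocols": ["SFTP", "FTP"], "endpoint_type": "VPC"}},
        {"address": "aws_transfer_server.defaults", "type": "aws_transfer_server",
         "values": {"endpoint_type": "PUBLIC"}},
        {"address": "aws_s3_bucket.data", "type": "aws_s3_bucket", "values": {}},
    ]}}
})


def iter_resources(module):
    """Yield resources from a plan module and, recursively, its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_transfer_protocols(plan_json):
    """Return {address: "PASSED" | "FAILED"} for every aws_transfer_server in the plan."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    results = {}
    for res in iter_resources(root):
        if res.get("type") != "aws_transfer_server":
            continue
        protocols = res.get("values", {}).get("protocols") or DEFAULT_PROTOCOLS
        insecure = INSECURE_PROTOCOLS.intersection(p.upper() for p in protocols)
        results[res["address"]] = "FAILED" if insecure else "PASSED"
    return results


if __name__ == "__main__":
    for address, status in check_transfer_protocols(SAMPLE_PLAN).items():
        print(f"{status}: {address}")
```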
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0404 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_357 |