ALB does not redirect HTTP requests into HTTPS ones
Description
Ensure that the load balancer redirects any HTTP traffic to the encrypted endpoint rather than handling it over HTTP or failing to respond.
Code Example
```hcl
resource "aws_lb" "lb_good" {
}

# HTTP listener whose default action is a permanent redirect to HTTPS on port 443
resource "aws_lb_listener" "listener_good" {
  load_balancer_arn = aws_lb.lb_good.arn
  port              = "80"
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```
Remediation
Terraform
- Resource: aws_lb, aws_lb_listener
- Arguments: redirect of aws_lb_listener
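The following is an added example, not Checkov's own implementation of CKV2_AWS_20: a simplified version of the same check run over plan JSON in the shape produced by `terraform show -json`, flagging HTTP listeners whose default action is not a redirect to HTTPS. The function names, the `_listener` helper and the sample plan (including the `listener_forward`, `listener_tls` and `module.web` entries) are constructed for illustration.

```python
LISTENER_TYPES = {"aws_lb_listener", "aws_alb_listener"}

def _listener(address, protocol, action):
    # Hypothetical helper: builds one constructed plan entry, not real plan output.
    return {"address": address, "type": "aws_lb_listener",
            "values": {"protocol": protocol, "default_action": [action]}}

# Constructed sample shaped like the planned_values section of `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _listener("aws_lb_listener.listener_good", "HTTP",
                  {"type": "redirect", "redirect": [
                      {"port": "443", "protocol": "HTTPS", "status_code": "HTTP_301"}]}),
        _listener("aws_lb_listener.listener_forward", "HTTP",
                  {"type": "forward", "redirect": []}),
        _listener("aws_lb_listener.listener_tls", "HTTPS",
                  {"type": "forward", "redirect": []}),
    ],
    "child_modules": [{"resources": [
        # Redirect that keeps the request's own scheme, so traffic stays on HTTP.
        _listener("module.web.aws_lb_listener.same_scheme", "HTTP",
                  {"type": "redirect", "redirect": [
                      {"port": "8080", "protocol": "#{protocol}", "status_code": "HTTP_302"}]}),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def redirects_to_https(values):
    """True if any default_action is a redirect whose target protocol is HTTPS."""
    for action in values.get("default_action") or []:
        if action.get("type") == "redirect" and any(
                (r.get("protocol") or "").upper() == "HTTPS"
                for r in action.get("redirect") or []):
            return True
    return False

def find_unredirected_http_listeners(plan):
    """Return addresses of HTTP listeners that do not redirect to HTTPS."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [res["address"] for res in iter_resources(root)
            if res.get("type") in LISTENER_TYPES
            and ((res.get("values") or {}).get("protocol") or "").upper() == "HTTP"
            and not redirects_to_https(res.get("values") or {})]

if __name__ == "__main__":
    print(find_unredirected_http_listeners(SAMPLE_PLAN))
```

A redirect alone is not enough to pass: the `same_scheme` listener redirects but keeps the original protocol, so it is reported alongside the plain forwarding listener.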
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0457 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_20 |