API Management Without Minimum TLS 1.2
Description
Transport Layer Security (TLS) is a protocol that provides secure communications. It is crucial to use a modern, robust version of this protocol to ensure the confidentiality and integrity of data in transit. This policy checks that Azure API Management is configured to use at least TLS 1.2 for both frontend and backend communications.
Code Example
```terraform
resource "azurerm_api_management" "example" {
  name = "example-api"
  location = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  publisher_name = "My Company"
  publisher_email = "[email protected]"
  security {
+   enable_back_end_ssl30 = false
+   enable_backend_tls10 = false
+   enable_frontend_ssl30 = false
+   enable_frontend_tls10 = false
+   enable_frontend_tls11 = false
  }
  tags = {
    Environment = "production"
  }
}
```
Remediation
Terraform
- Resource: azurerm_api_management
- Arguments: security
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0680 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Terraform, |
| Checkov ID | CKV_AZURE_173 |