Backend of the API management system does not utilize HTTPS
Description
This policy, identified by CKV_AZURE_215, falls under the category of encryption checks. It is verifying that the API management backend is using HTTPS protocol for communication and connectivity.
Why is this important? HTTPS ensures that all data communication between the client and server is encrypted and secure. Using unsecured protocols like HTTP can expose sensitive data to potential eavesdropping, manipulation, or cyberattacks. Implementing HTTPS is a basic yet essential step in maintaining security and safeguarding data in transit, hence non-compliance with this policy might lead to potential security risks.
Code Example
go
resource "azurerm_api_management_backend" "example" {
resource_group_name = azurerm_resource_group.example.name
api_management_name = azurerm_api_management.example.name
title = "example"
url = "https://example.com"
}Remediation
Terraform
- Resource: azurerm_api_management_backend
- Arguments: url
To fix this issue, ensure that your API Management Backend uses HTTPS as defined in your Terraform configuration.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0722 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_215 |