Ensure LB Listener uses only secure protocols
Description
This policy checks whether a load balancer listener uses only secure protocols, specifically HTTPS or TLS, and ensures the TLS version is set to TLSv1.2. Using insecure protocols can expose data to eavesdropping and tampering, which is a significant security risk. By enforcing the use of secure protocols, this rule helps protect sensitive information transmitted between the load balancer and its clients. It is essential to use secure communication protocols to prevent man-in-the-middle attacks and maintain the confidentiality and integrity of data.
Code Example
```terraform
resource "ncloud_lb_listener" "example" {
  protocol             = "HTTPS"
  tls_min_version_type = "TLSv1.2"
}
```
Remediation
Update the load balancer listener configuration to use a secure protocol (HTTPS or TLS) and set the TLS version to TLSv1.2.
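To find listeners that need this remediation before applying, the rule can be approximated over the JSON produced by `terraform show -json`. This is an added example, not Checkov's implementation of CKV_NCP_13; the function names, the sample plan, and the choice to treat an unset `tls_min_version_type` as a failure are assumptions, and the accepted version string is the one written on this page.

```python
SECURE_PROTOCOLS = {"HTTPS", "TLS"}   # protocols the policy accepts
REQUIRED_TLS_VERSION = "TLSv1.2"      # value as written on this page

def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_listeners(plan):
    """Return {address: reason} for each ncloud_lb_listener failing the policy."""
    failures = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "ncloud_lb_listener":
            continue
        values = res.get("values", {})
        protocol = values.get("protocol")
        tls_min = values.get("tls_min_version_type")
        if protocol not in SECURE_PROTOCOLS:
            failures[res["address"]] = f"insecure protocol {protocol!r}"
        elif tls_min != REQUIRED_TLS_VERSION:
            # Assumption: an unset minimum version fails, since the policy
            # expects the version to be set explicitly.
            failures[res["address"]] = f"tls_min_version_type is {tls_min!r}"
    return failures

# Constructed sample in the shape of `terraform show -json` planned_values.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "ncloud_lb_listener.plain", "type": "ncloud_lb_listener",
         "values": {"protocol": "HTTP", "tls_min_version_type": None}},
        {"address": "ncloud_lb_listener.good", "type": "ncloud_lb_listener",
         "values": {"protocol": "HTTPS", "tls_min_version_type": "TLSv1.2"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.edge.ncloud_lb_listener.tls",
         "type": "ncloud_lb_listener",
         "values": {"protocol": "TLS", "tls_min_version_type": None}},
    ]}],
}}}

if __name__ == "__main__":
    for address, reason in check_listeners(SAMPLE_PLAN).items():
        print(f"FAIL {address}: {reason}")
```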
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1216 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | ncloud_lb_listener |
| Checkov ID | CKV_NCP_13 |