Ensure Alibaba Cloud API Gateway API Protocol uses HTTPS
Error: Alibaba Cloud API Gateway API Protocol does not use HTTPS
Bridgecrew Policy ID: BC_ALI_NETWORKING_4
Checkov Check ID: CKV_ALI_21
Severity: LOW
Alibaba Cloud API Gateway API Protocol does not use HTTPS
Description
Using HTTPS for the API Protocol can help to protect against potential security risks such as man-in-the-middle attacks, in which an attacker intercepts and modifies the communication between the API and its clients. HTTPS uses encryption to secure the communication between the API and its clients, which can help to prevent unauthorized access or tampering with the data being transferred.
Fix - Buildtime
Terraform
resource "alicloud_api_gateway_api" "pass" {
name = alicloud_api_gateway_group.apiGroup.name
group_id = alicloud_api_gateway_group.apiGroup.id
description = "your description"
auth_type = "APP"
force_nonce_check = false
request_config {
protocol = "HTTPS"
method = "GET"
path = "/test/path1"
mode = "MAPPING"
}
service_type = "HTTP"
http_service_config {
address = "https://apigateway-backend.alicloudapi.com:8080"
method = "GET"
path = "/web/cloudapi"
timeout = 12
aone_name = "cloudapi-openapi"
}
request_parameters {
name = "aaa"
type = "STRING"
required = "OPTIONAL"
in = "QUERY"
in_service = "QUERY"
name_service = "testparams"
}
stage_names = [
"RELEASE",
"TEST",
]
}
Updated 9 months ago