Ensure Alibaba Cloud API Gateway API Protocol uses HTTPS

Error: Alibaba Cloud API Gateway API Protocol does not use HTTPS

Bridgecrew Policy ID: BC_ALI_NETWORKING_4
Checkov Check ID: CKV_ALI_21
Severity: LOW

Alibaba Cloud API Gateway API Protocol does not use HTTPS

Description

Using HTTPS for the API Protocol can help to protect against potential security risks such as man-in-the-middle attacks, in which an attacker intercepts and modifies the communication between the API and its clients. HTTPS uses encryption to secure the communication between the API and its clients, which can help to prevent unauthorized access or tampering with the data being transferred.

Fix - Buildtime

Terraform

resource "alicloud_api_gateway_api" "pass" {
  name              = alicloud_api_gateway_group.apiGroup.name
  group_id          = alicloud_api_gateway_group.apiGroup.id
  description       = "your description"
  auth_type         = "APP"
  force_nonce_check = false

  request_config {
    protocol = "HTTPS"
    method   = "GET"
    path     = "/test/path1"
    mode     = "MAPPING"
  }

  service_type = "HTTP"

  http_service_config {
    address   = "https://apigateway-backend.alicloudapi.com:8080"
    method    = "GET"
    path      = "/web/cloudapi"
    timeout   = 12
    aone_name = "cloudapi-openapi"
  }

  request_parameters {
    name         = "aaa"
    type         = "STRING"
    required     = "OPTIONAL"
    in           = "QUERY"
    in_service   = "QUERY"
    name_service = "testparams"
  }

  stage_names = [
    "RELEASE",
    "TEST",
  ]
}