Ensure AWS Cloudsearch uses HTTPS
Error: AWS Cloudsearch does not use HTTPS
Bridgecrew Policy ID: BC_AWS_GENERAL_119
Checkov Check ID: CKV_AWS_220
Severity: LOW
AWS Cloudsearch does not use HTTPS
Description
CloudSearch is a managed search service for your web service. CloudSearch Domains allow you to enforce that requests come over HTTPS, encrypting those requests.
Fix - Runtime
- In the AWS Console, go to CloudSearch.
- Select the domain you wish to edit.
- Under Domain configuration, next to HTTPS options, select Edit.
- Enable Toggle HTTPS options.
- Select Submit.
Fix - Buildtime
Terraform
resource "aws_cloudsearch_domain" "example" {
...
+ endpoint_options {
+ enforce_https = true
+ }
...
}
Updated 10 months ago