Terraform Lb Protocol Set To Http
Description
Detects AWS Elastic Load Balancers (classic ELBs) configured with unencrypted HTTP listeners instead of HTTPS. This poses a security risk because sensitive data transmitted between clients and the load balancer travels in cleartext and could be intercepted or modified by an on-path attacker.
Detection Strategy
• Scans Terraform configuration files for 'aws_elb' resource definitions
• Checks if any listener configurations specify 'http' as the protocol
• Reports a vulnerability when an ELB listener is configured to accept unencrypted HTTP traffic
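The strategy above, as an added example that is not Fluid Attacks' own scanner: a small checker that walks aws_elb resources, enters each listener block, and flags instance_protocol or lb_protocol values set to plain http. The Terraform sample is constructed for the example and the brace-matching HCL parsing is a simplification (it assumes no braces inside strings or comments).

```python
import re

# Constructed sample: one vulnerable and one secure aws_elb, as on the page.
SAMPLE_TF = '''
resource "aws_elb" "vulnerable" {
  listener {
    instance_port     = 8000
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
}
resource "aws_elb" "secure" {
  listener {
    instance_port     = 8000
    instance_protocol = "https"
    lb_port           = 443
    lb_protocol       = "https"
  }
}
'''

RESOURCE_RE = re.compile(r'resource\s+"aws_elb"\s+"([^"]+)"\s*\{')
LISTENER_RE = re.compile(r'\blistener\s*\{')
ATTR_RE = re.compile(r'^\s*(lb_protocol|instance_protocol)\s*=\s*"([^"]*)"', re.M)

def block_body(text, open_idx):
    """Text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")

def find_http_listeners(tf_source):
    """Return (resource_name, attribute) for each listener attribute set to http."""
    findings = []
    for res in RESOURCE_RE.finditer(tf_source):
        body = block_body(tf_source, res.end() - 1)
        for lst in LISTENER_RE.finditer(body):
            listener = block_body(body, lst.end() - 1)
            for attr, value in ATTR_RE.findall(listener):
                # The provider accepts either case, so compare case-insensitively.
                if value.lower() == "http":
                    findings.append((res.group(1), attr))
    return findings
```

Both the client-facing lb_protocol and the backend instance_protocol are reported, matching the two lines the vulnerable example marks; tcp and ssl listeners are outside this check's scope.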
Vulnerable code example
resource "aws_elb" "example" {
  name = "vulnerable-elb"
  listener {
    instance_port     = 8000
    instance_protocol = "http" # Vulnerable: Using insecure HTTP protocol instead of HTTPS
    lb_port           = 80
    lb_protocol       = "http" # Vulnerable: Load balancer should use HTTPS for secure communication
  }
}
Secure code example
resource "aws_elb" "example" {
  name = "secure-elb"
  listener {
    instance_port      = 8000
    instance_protocol  = "https" # Secure: Using HTTPS for backend instance communication
    lb_port            = 443 # Secure: Using standard HTTPS port
    lb_protocol        = "https" # Secure: Load balancer using HTTPS protocol
    ssl_certificate_id = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERT_ID" # Required for an https listener; replace this placeholder ARN with your certificate's ARN
  }
}