turbot/steampipe-mod-terraform-aws-compliance

Control: API Gateway stage should uses SSL certificate

Description

Ensure if a REST API stage uses a Secure Sockets Layer (SSL) certificate. This rule is complaint if the REST API stage does not have an associated SSL certificate.

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.apigateway_rest_api_stage_use_ssl_certificate

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.apigateway_rest_api_stage_use_ssl_certificate --share

SQL

This control uses a named query:

select
address as resource,
case
when (attributes_std -> 'client_certificate_id') is null then 'alarm'
else 'ok'
end status,
split_part(address, '.', 2) || case
when (attributes_std -> 'client_certificate_id') is null then ' does not use SSL certificate'
else ' uses SSL certificate'
end || '.' reason
, path || ':' || start_line
from
terraform_resource
where
type = 'aws_api_gateway_stage';

Tags