Control: API Management services should use at least TLS 1.2 version
Description
This control checks that the API Management service uses TLS version 1.2 or later. The control is non-compliant if the API Management service uses an older TLS version.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.apimanagement_service_uses_latest_tls_version
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_azure_compliance.control.apimanagement_service_uses_latest_tls_version --share
SQL
This control uses a named query:
select
  address as resource,
  case
    when (attributes_std -> 'security' ->> 'enable_back_end_ssl30')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_backend_tls10')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_frontend_ssl30')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls10')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls11')::boolean then 'alarm'
    else 'ok'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'security' ->> 'enable_back_end_ssl30')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_backend_tls10')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_frontend_ssl30')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls10')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls11')::boolean then ' TLS version is less than 1.2'
    else ' TLS version is set to at least 1.2 or higher'
  end || '.' reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_api_management';
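The Terraform below is an added example, not part of the mod: it shows one azurerm_api_management resource that the query above marks 'alarm' and one it marks 'ok'. Resource names, location, resource group and publisher values are constructed placeholders; the security attribute names are the ones the query reads.

```hcl
# Constructed example. All names and values below are placeholders.

# Non-compliant: at least one legacy-protocol flag read by the query is true,
# so the first matching "when" branch returns 'alarm'.
resource "azurerm_api_management" "legacy_tls" {
  name                = "example-apim-legacy"
  location            = "westeurope"
  resource_group_name = "example-rg"
  publisher_name      = "Example Org"
  publisher_email     = "apim-admin@example.com"
  sku_name            = "Developer_1"

  security {
    enable_backend_tls10  = true # backend TLS 1.0 allowed
    enable_frontend_tls10 = true # client-facing TLS 1.0 allowed
    enable_frontend_tls11 = true # client-facing TLS 1.1 allowed
  }
}

# Compliant: every flag the query inspects is false, so the case expression
# falls through to 'ok'.
resource "azurerm_api_management" "tls12_only" {
  name                = "example-apim-tls12"
  location            = "westeurope"
  resource_group_name = "example-rg"
  publisher_name      = "Example Org"
  publisher_email     = "apim-admin@example.com"
  sku_name            = "Developer_1"

  security {
    enable_backend_tls10  = false
    enable_frontend_ssl30 = false
    enable_frontend_tls10 = false
    enable_frontend_tls11 = false
  }
}

# A flag that is omitted reads as NULL in the query, which is not true,
# so it also falls through to 'ok'. Setting the flags to false explicitly
# keeps the intent visible in code review.
```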