turbot/steampipe-mod-terraform-azure-compliance

Control: API Management services should use at least TLS 1.2 version

Description

This control checks that the API Management service uses TLS 1.2 or later. The control is non-compliant if the API Management service uses an older TLS version.

Usage

Run the control in your terminal:

powerpipe control run terraform_azure_compliance.control.apimanagement_service_uses_latest_tls_version

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_azure_compliance.control.apimanagement_service_uses_latest_tls_version --share

SQL

This control uses a named query:

select
  address as resource,
  case
    when (attributes_std -> 'security' ->> 'enable_back_end_ssl30')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_backend_tls10')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_frontend_ssl30')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls10')::boolean then 'alarm'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls11')::boolean then 'alarm'
    else 'ok'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'security' ->> 'enable_back_end_ssl30')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_backend_tls10')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_frontend_ssl30')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls10')::boolean then ' TLS version is less than 1.2'
    when (attributes_std -> 'security' ->> 'enable_frontend_tls11')::boolean then ' TLS version is less than 1.2'
    else ' TLS version is set to at least 1.2 or higher'
  end || '.' reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'azurerm_api_management';
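
Terraform input showing how the query above classifies resources, as an added example that is not part of the mod. Resource names, location, publisher details and SKU are constructed placeholders; the `security` flags are ones the query reads.

```hcl
# Constructed example: all names and values below are placeholders.

# Result: 'alarm'. A legacy protocol flag in the security block is true,
# so one of the query's WHEN branches matches.
resource "azurerm_api_management" "legacy_tls" {
  name                = "example-apim-legacy"
  location            = "westeurope"
  resource_group_name = "example-rg"
  publisher_name      = "Example Org"
  publisher_email     = "apim-admin@example.com"
  sku_name            = "Developer_1"

  security {
    enable_frontend_tls10 = true
    enable_frontend_tls11 = true
  }
}

# Result: 'ok'. No flag the query reads is true.
resource "azurerm_api_management" "tls12_only" {
  name                = "example-apim-hardened"
  location            = "westeurope"
  resource_group_name = "example-rg"
  publisher_name      = "Example Org"
  publisher_email     = "apim-admin@example.com"
  sku_name            = "Developer_1"

  security {
    enable_backend_tls10  = false
    enable_frontend_ssl30 = false
    enable_frontend_tls10 = false
    enable_frontend_tls11 = false
  }
}

# Result: 'ok'. With no security block every ->> lookup yields NULL,
# no WHEN branch evaluates to true, and the CASE falls through to ELSE.
resource "azurerm_api_management" "defaults" {
  name                = "example-apim-defaults"
  location            = "westeurope"
  resource_group_name = "example-rg"
  publisher_name      = "Example Org"
  publisher_email     = "apim-admin@example.com"
  sku_name            = "Developer_1"
}
```

The query as shown reads five flags and has no branch for the azurerm `enable_backend_tls11` argument, so that setting needs a separate review.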

Tags