turbot/aws_compliance

Query: elb_tls_listener_protocol_version

Usage

powerpipe query aws_compliance.query.elb_tls_listener_protocol_version

SQL

select
  load_balancer_arn as resource,
  case
    -- Non-HTTPS listeners are out of scope for this check.
    when protocol <> 'HTTPS' then 'skip'
    -- The patterns contain no % wildcard, so LIKE matches these two policy names exactly.
    when protocol = 'HTTPS'
      and ssl_policy like any (array['Protocol-SSLv3', 'Protocol-TLSv1']) then 'alarm'
    else 'ok'
  end as status,
  case
    when protocol <> 'HTTPS' then title || ' uses protocol ' || protocol || '.'
    when ssl_policy like any (array['Protocol-SSLv3', 'Protocol-TLSv1']) then title || ' uses insecure SSL or TLS cipher.'
    else title || ' uses secure SSL or TLS cipher.'
  end as reason,
  region,
  account_id
from
  aws_ec2_load_balancer_listener;

Controls

The query is being used by the following controls: