Ensure that Spring Cloud App enforces HTTPS connections
Enforcing HTTPS connections on a Spring Cloud app ensures that requests and responses are encrypted in transit instead of being sent as plain HTTP.
Risk Level: High
Cloud Entity: Spring Cloud
CloudGuard Rule ID: D9.AZU.CRY.31
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SpringCloud should have apps contain [ properties.httpsOnly=true ]
REMEDIATION
From Portal
- Go to 'Azure Spring Cloud' and choose your Spring Cloud resource
- Under 'Settings', select 'Apps' on the navigation menu
- For each Spring Cloud app:
  - Under 'Settings', select 'Custom domain' on the navigation menu
  - Set 'Https only' to 'Yes'
From TF
Set the 'https_only' argument to 'true':
resource "azurerm_spring_cloud_app" "example" {
  # .. (other arguments unchanged)
  https_only = true
  # ..
}
From Command Line
Run:
az spring-cloud app update --https-only --name APP-NAME --resource-group RESOURCE-GROUP --service SPRING-CLOUD-SERVICE
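The check and the command-line fix can be combined into one audit pass. The following is an added example, not CloudGuard's or Microsoft's code: it flags every app whose properties.httpsOnly is not boolean true (following the "for each Spring Cloud app" remediation) and builds the command above for each one. The sample JSON, app names and function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample: app resources exposing the properties.httpsOnly
# field that the GSL rule evaluates. Names are hypothetical.
SAMPLE_APPS_JSON = """
[
  {"name": "gateway", "properties": {"httpsOnly": true}},
  {"name": "orders",  "properties": {"httpsOnly": false}},
  {"name": "billing", "properties": {}},
  {"name": "legacy",  "properties": {"httpsOnly": "true"}},
  {"name": "broken",  "properties": null}
]
"""


def non_compliant_apps(apps):
    """Return names of apps whose properties.httpsOnly is not boolean true."""
    failing = []
    for app in apps:
        props = app.get("properties") or {}
        # Only a real JSON boolean true passes; a missing key, null, false
        # or the string "true" is treated as not enforced.
        if props.get("httpsOnly") is not True:
            failing.append(app.get("name", "<unnamed>"))
    return failing


def remediation_commands(app_names, resource_group, service):
    """Build the 'az spring-cloud app update' command for each failing app."""
    return [
        "az spring-cloud app update --https-only"
        f" --name {shlex.quote(name)}"
        f" --resource-group {shlex.quote(resource_group)}"
        f" --service {shlex.quote(service)}"
        for name in app_names
    ]


if __name__ == "__main__":
    failing = non_compliant_apps(json.loads(SAMPLE_APPS_JSON))
    # Placeholders below are the ones used in the command above.
    for cmd in remediation_commands(failing, "RESOURCE-GROUP", "SPRING-CLOUD-SERVICE"):
        print(cmd)
```

The generated commands are printed for review rather than executed, so they can be checked against change control before being applied.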
References
- https://docs.microsoft.com/en-us/azure/spring-cloud/tutorial-custom-domain
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/spring_cloud_app#https_only
Spring Cloud
Azure Spring Cloud makes it easy to deploy Spring Boot applications to Azure without any code changes.
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset