
feat(elb): add new check elb_ssl_https_listeners_use_acm_certificates #5424

Open
wants to merge 6 commits into
base: master

Conversation

MarioRgzLpz
Member

Context

Added a new check to make sure Classic Load Balancers with SSL/HTTPS listeners use certificates provided by AWS Certificate Manager (ACM) to enhance security. This control checks whether the load balancer's HTTPS/SSL listener is configured with an ACM-provided certificate, and fails if it is not.

AWS recommends using ACM to create or import SSL/TLS certificates for load balancers due to its integration with Classic Load Balancers and its ability to automate certificate renewal, simplifying management and improving security. Using ACM certificates ensures the encryption of data-in-transit, aligning with industry best practices and compliance standards.

Description

Added certificate_arn to the Listener model in elb_service. Added the new check elb_ssl_https_listeners_use_acm_certificates with its unit tests and metadata.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
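As an added illustration (not code from this PR or from Prowler itself), the decision the new check makes, applied to a constructed describe_load_balancers() response: each SSL/HTTPS listener's SSLCertificateId must be an ACM certificate ARN rather than an IAM server certificate. The function names, the sample data, and the assumption that a load balancer with no secure listener produces no finding are mine.

```python
"""Added example, not Prowler's own code: per Classic Load Balancer, decide
whether every SSL/HTTPS listener carries an ACM certificate. The sample
describe_load_balancers() response is constructed for illustration."""

SECURE_PROTOCOLS = {"HTTPS", "SSL"}

def is_acm_certificate(arn):
    """True only for ACM ARNs (arn:<partition>:acm:<region>:<account>:certificate/<id>).
    IAM server certificates (service iam, resource server-certificate/<name>)
    and empty or malformed values return False."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return False
    return parts[2] == "acm" and parts[5].startswith("certificate/")

def check_load_balancer(lb):
    """Evaluate one LoadBalancerDescriptions entry. Returns None when the load
    balancer has no SSL/HTTPS listener (assumption: the check then does not
    apply); otherwise a finding with PASS/FAIL and the non-ACM listener ports."""
    secure = [d["Listener"] for d in lb.get("ListenerDescriptions", [])
              if d["Listener"]["Protocol"].upper() in SECURE_PROTOCOLS]
    if not secure:
        return None
    non_acm_ports = [l["LoadBalancerPort"] for l in secure
                     if not is_acm_certificate(l.get("SSLCertificateId", ""))]
    return {"load_balancer": lb["LoadBalancerName"],
            "status": "FAIL" if non_acm_ports else "PASS",
            "non_acm_ports": non_acm_ports}

def run_check(response):
    """Findings for every load balancer the check applies to."""
    findings = map(check_load_balancer, response["LoadBalancerDescriptions"])
    return [f for f in findings if f is not None]

# Constructed sample: an ACM-backed HTTPS listener, an SSL listener that still
# references an IAM server certificate, and a load balancer with HTTP only.
ACM_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/11111111-2222-3333-4444-555555555555"
IAM_ARN = "arn:aws:iam::123456789012:server-certificate/legacy-cert"
SAMPLE_RESPONSE = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "acm-lb", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443, "SSLCertificateId": ACM_ARN}}]},
    {"LoadBalancerName": "iam-lb", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}},
        {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 443, "SSLCertificateId": IAM_ARN}}]},
    {"LoadBalancerName": "http-lb", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}}]},
]}
```

Running run_check(SAMPLE_RESPONSE) yields a PASS for acm-lb and a FAIL for iam-lb naming port 443; http-lb is skipped.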

@MarioRgzLpz MarioRgzLpz requested review from a team as code owners October 16, 2024 06:13
Base automatically changed from PRWLR-5047-change-certificates-from-acm-certificates-from-list-to-dict-in-acm-service to master October 17, 2024 13:16
…ith-ssl-https-listeners-use-aws-certificate-manager-certificates
@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Oct 17, 2024

codecov bot commented Oct 17, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.30%. Comparing base (f7fd355) to head (1a1935c).
Report is 3 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5424      +/-   ##
==========================================
- Coverage   89.34%   89.30%   -0.04%     
==========================================
  Files        1049     1050       +1     
  Lines       32557    32589      +32     
==========================================
+ Hits        29088    29104      +16     
- Misses       3469     3485      +16     


Member

@sergargar sergargar left a comment


Tests are failing in the ACM tests because we are using MagicMock; can you change it to moto (or patch the API calls if they are not covered)? Thanks!
