Encrypt traffic to HTTPS load balancers with TLS certificates

Overview

Encrypt traffic to HTTPS load balancers using TLS certificates.

Rationale

Encrypting traffic between users and your Kubernetes workload is fundamental to protecting data sent over the web.

Audit

Your load balancer vendor can provide details on auditing the certificates and policies required to utilize TLS.

Remediation guidance

Your load balancer vendor can provide details on configuring HTTPS with TLS.

References

Multiple Remediation Paths

SERVICE-WIDE (RECOMMENDED when many resources are affected): Apply organization/tenant-level guardrails and baseline policies for the entire platform.

ASSET-LEVEL: Fix only the affected resources identified by this control.

PREVENTIVE: Add preventive policy checks to CI/CD and periodic posture scans.

References for Service-Wide Patterns

Platform policy/governance and preventive control patterns should be applied tenant-wide where supported.

Query logic

These are the stored checks tied to this control.

Ingresses without TLS config

Connectors

Kubernetes

Covered asset types

Ingress

Expected check: eq []

{
  EKSIngressesWithoutTLSConfig {
    ...AssetFragment
  }
}

Encrypt traffic to HTTPS load balancers with TLS certificates

Overview

Remediation guidance

Multiple Remediation Paths

References for Service-Wide Patterns

Query logic

Platform

Use Cases

Industries

Compare

Resources

Company