Describe the Feature
I was writing a blog post about how open-source modules are great because we get the best security practices out of the box. And I was looking at this module to provide a good example of that... and yet, I don't think it does a great job in the "security first" category. Examples below in expected behavior.
Expected Behavior
What I'd expect this module to do by default:
HTTP (port 80) enabled, but redirects to HTTPS (port 443) by default
HTTPS enabled by default and certificate_arn required (null allowed in the case that the user wants to configure HTTP only)
Use Case
I believe Cloud Posse modules should be built to be secure by default, and should be configurable for the POC use-cases (e.g. using HTTP instead of HTTPS).
Describe Ideal Solution
We implement secure by default.
Alternatives Considered
No response
Additional Context
No response
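The two defaults the issue asks for (port 80 on but redirecting, HTTPS on whenever a certificate is supplied, `certificate_arn` required with `null` as the explicit opt-out) can be expressed in plain Terraform. The block below is an added example written for this page, not code from the Cloud Posse module; it uses only the standard `aws_lb_listener` resource, and `aws_lb.this`, `aws_lb_target_group.this` and the `ssl_policy` value are assumed placeholders.

```hcl
# Added example, not the module's own code. Secure-by-default listener layout:
# HTTP redirects to HTTPS unless the caller explicitly passes certificate_arn = null.
# aws_lb.this, aws_lb_target_group.this and the ssl_policy value are assumptions.

variable "certificate_arn" {
  description = "ACM certificate ARN for the HTTPS listener. No default, so the caller must choose; pass null explicitly for an HTTP-only POC."
  type        = string
  # A variable without a default is required; passing null is still accepted,
  # so HTTP-only is possible but never silent.
}

variable "http_enabled" {
  description = "Create the port 80 listener (redirect when HTTPS is on)."
  type        = bool
  default     = true
}

locals {
  https_enabled = var.certificate_arn != null
}

# Port 80: a 301 redirect to 443 when HTTPS exists, plain forward only when the
# caller opted out of HTTPS by passing null.
resource "aws_lb_listener" "http" {
  count             = var.http_enabled ? 1 : 0
  load_balancer_arn = aws_lb.this.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = local.https_enabled ? "redirect" : "forward"
    target_group_arn = local.https_enabled ? null : aws_lb_target_group.this.arn

    dynamic "redirect" {
      for_each = local.https_enabled ? [1] : []
      content {
        port        = "443"
        protocol    = "HTTPS"
        status_code = "HTTP_301"
      }
    }
  }
}

# Port 443: created automatically whenever a certificate is supplied.
resource "aws_lb_listener" "https" {
  count             = local.https_enabled ? 1 : 0
  load_balancer_arn = aws_lb.this.arn
  port              = 443
  protocol          = "HTTPS"
  # Assumed AWS-managed policy name; confirm against the current provider docs.
  ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.this.arn
  }
}
```

The point of leaving `certificate_arn` without a default is that `terraform plan` fails until the caller states a value, so the insecure HTTP-only mode only appears when someone writes `certificate_arn = null` on purpose rather than by omission.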
I agree with the proposed defaults in this proposal. To quote Cloud Posse Terraform Best Practices:
"Modules should be as turnkey as possible. The default value should ensure the most secure configuration (E.g. with encryption enabled)."
I'd also double down and say that the module should offer better support for gRPC and HTTP/2 applications and secure configurations for those protocols as well.
Discussed internally with @cloudposse contributors and we've decided this is worth doing. I'll note this down as a go and circle back around to implement when I have time 👍