For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationLoadBalancer]:
[source,javascript]
----
import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
const alb = new ApplicationLoadBalancer(this, 'ALB', {
vpc: vpc,
internetFacing: true
});
alb.addListener('listener-http-default', {
port: 8080,
open: true
}); // Sensitive
alb.addListener('listener-http-explicit', {
protocol: ApplicationProtocol.HTTP, // Sensitive
port: 8080,
open: true
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListener.html[aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationListener]:
[source,javascript]
----
import { ApplicationListener } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
new ApplicationListener(this, 'listener-http-explicit-constructor', {
loadBalancer: alb,
protocol: ApplicationProtocol.HTTP, // Sensitive
port: 8080,
open: true
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancingv2.NetworkLoadBalancer]:
[source,javascript]
----
import { NetworkLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
const nlb = new NetworkLoadBalancer(this, 'nlb', {
vpc: vpc,
internetFacing: true
});
var listenerNLB = nlb.addListener('listener-tcp-default', {
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListener.html[aws-cdk-lib.aws-elasticloadbalancingv2.NetworkListener]:
[source,javascript]
----
import { NetworkListener } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
new NetworkListener(this, 'listener-tcp-explicit-constructor', {
loadBalancer: nlb,
protocol: Protocol.TCP, // Sensitive
port: 8080
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.CfnListener.html[aws-cdk-lib.aws-elasticloadbalancingv2.CfnListener]:
[source,javascript]
----
import { CfnListener } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
new CfnListener(this, 'listener-http', {
defaultActions: defaultActions,
loadBalancerArn: alb.loadBalancerArn,
protocol: "HTTP", // Sensitive
port: 80
});
new CfnListener(this, 'listener-tcp', {
defaultActions: defaultActions,
loadBalancerArn: alb.loadBalancerArn,
protocol: "TCP", // Sensitive
port: 80
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancing.CfnLoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancing.CfnLoadBalancer]:
[source, javascript]
----
import { CfnLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancing';
new CfnLoadBalancer(this, 'elb-tcp', {
listeners: [{
instancePort: '1000',
loadBalancerPort: '1000',
protocol: 'tcp' // Sensitive
}]
});
new CfnLoadBalancer(this, 'elb-http', {
listeners: [{
instancePort: '1000',
loadBalancerPort: '1000',
protocol: 'http' // Sensitive
}]
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancing.LoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancing.LoadBalancer]:
[source,javascript]
----
import { LoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancing';
const loadBalancer = new LoadBalancer(this, 'elb-tcp-dict', {
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationLoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationLoadBalancer]:
[source,javascript]
----
import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
const alb = new ApplicationLoadBalancer(this, 'ALB', {
vpc: vpc,
internetFacing: true
});
alb.addListener('listener-https-explicit', {
protocol: ApplicationProtocol.HTTPS,
port: 8080,
open: true,
certificates: [certificate]
});
alb.addListener('listener-https-implicit', {
port: 8080,
open: true,
certificates: [certificate]
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.ApplicationListener.html[aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationListener]:
[source,javascript]
----
import { ApplicationListener } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
new ApplicationListener(this, 'listener-https-explicit', {
loadBalancer: loadBalancer,
protocol: ApplicationProtocol.HTTPS,
port: 8080,
open: true,
certificates: [certificate]
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.NetworkLoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancingv2.NetworkLoadBalancer]:
[source,javascript]
----
import { NetworkLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
const nlb = new NetworkLoadBalancer(this, 'nlb', {
vpc: vpc,
internetFacing: true
});
nlb.addListener('listener-tls-explicit', {
protocol: Protocol.TLS,
port: 1234,
certificates: [certificate]
});
nlb.addListener('listener-tls-implicit', {
port: 1234,
certificates: [certificate]
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.NetworkListener.html[aws-cdk-lib.aws-elasticloadbalancingv2.NetworkListener]:
[source,javascript]
----
import { NetworkListener } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
new NetworkListener(this, 'listener-tls-explicit', {
loadBalancer: loadBalancer,
protocol: Protocol.TLS,
port: 8080,
certificates: [certificate]
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.CfnListener.html[aws-cdk-lib.aws-elasticloadbalancingv2.CfnListener]:
[source,javascript]
----
import { CfnListener } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
new CfnListener(this, 'listener-https', {
defaultActions: defaultActions,
loadBalancerArn: loadBalancerArn,
protocol: "HTTPS",
port: 80
certificates: [certificate]
});
new CfnListener(this, 'listener-tls', {
defaultActions: defaultActions,
loadBalancerArn: loadBalancerArn,
protocol: "TLS",
port: 80
certificates: [certificate]
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancing.CfnLoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancing.CfnLoadBalancer]:
[source, javascript]
----
import { CfnLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancing';
new CfnLoadBalancer(this, 'elb-ssl', {
listeners: [{
instancePort: '1000',
loadBalancerPort: '1000',
protocol: 'ssl',
sslCertificateId: sslCertificateId
}]
});
new CfnLoadBalancer(this, 'elb-https', {
listeners: [{
instancePort: '1000',
loadBalancerPort: '1000',
protocol: 'https',
sslCertificateId: sslCertificateId
}]
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancing.LoadBalancer.html[aws-cdk-lib.aws-elasticloadbalancing.LoadBalancer]:
[source,javascript]
----
import { LoadBalancer, LoadBalancingProtocol } from 'aws-cdk-lib/aws-elasticloadbalancing';
const lb = new LoadBalancer(this, 'elb-ssl', {
vpc,
internetFacing: true,
healthCheck: {
port: 80,
},
listeners: [
{
externalPort:10000,
externalProtocol:LoadBalancingProtocol.SSL,
internalPort:10000
}]
});
lb.addListener({
externalPort:10001,
externalProtocol:LoadBalancingProtocol.SSL,
internalPort:10001
});
lb.addListener({
externalPort:10002,
externalProtocol:LoadBalancingProtocol.HTTPS,
internalPort:10002
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticache.CfnReplicationGroup.html[aws-cdk-lib.aws-elasticache.CfnReplicationGroup]:
[source, javascript]
----
import { CfnReplicationGroup } from 'aws-cdk-lib/aws-elasticache';
new CfnReplicationGroup(this, 'encrypted-explicit', {
replicationGroupDescription: 'example',
transitEncryptionEnabled: true
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_kinesis.Stream.html[aws-cdk-lib.aws-kinesis.Stream]:
[source, javascript]
----
import { Stream } from 'aws-cdk-lib/aws-kinesis';
new Stream(this, 'stream-implicit-encrypted');
new Stream(this, 'stream-explicit-encrypted-selfmanaged', {
encryption: StreamEncryption.KMS,
encryptionKey: encryptionKey,
});
new Stream(this, 'stream-explicit-encrypted-managed', {
encryption: StreamEncryption.MANAGED
});
----
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_kinesis.CfnStream.html[aws-cdk-lib.aws-kinesis.CfnStream]:
[source, javascript]
----
import { CfnStream } from 'aws-cdk-lib/aws-kinesis';
new CfnStream(this, 'cfnstream-explicit-encrypted', {
* Using {protocol.insecure} protocol is insecure. Use {protocol.alternatives} instead.
* Make sure STARTTLS is used to upgrade to a secure connection using SSL/TLS.
For `aws-cdk-lib.aws-elasticloadbalancing.LoadBalancer`, `aws-cdk-lib.aws-elasticloadbalancing.CfnLoadBalancer`, `aws-cdk-lib.aws-elasticloadbalancing.LoadBalancerListener`, `aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationLoadBalancer`, `aws-cdk-lib.aws-elasticloadbalancingv2.NetworkLoadBalancer`, `aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationListener`, `aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationListener`, `aws-cdk-lib.aws-elasticloadbalancingv2.NetworkListener` and `aws-cdk-lib.aws-elasticloadbalancingv2.CfnListener`:
* Make sure that using network protocols without an SSL/TLS underlay is safe here.
For `aws-cdk-lib.aws-elasticache.CfnReplicationGroup`:
* Make sure that disabling transit encryption is safe here.
For `aws-cdk-lib.aws-kinesis.CfnStream` and `aws-cdk-lib.aws-kinesis.Stream`:
* Make sure that disabling stream encryption is safe here.
=== Highlighting
For `aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationLoadBalancer`:
* Highlight the `protocol` parameter of the `addListener` call when it is set
to elbv2.ApplicationProtocol.HTTP
* Highlight the `addListener` call when the `protocol` parameter is not set
and the port parameter is 80, 8000, 8080 or 8008
For `aws-cdk-lib.aws-elasticloadbalancingv2.ApplicationListener`
* Highlight the `protocol` property of the object constructor when it is set to
elbv2.ApplicationProtocol.HTTP
* Highlight the object constructor call when the `protocol` parameter is not set
and the port parameter is 80, 8000, 8080 or 8008
For `aws-cdk-lib.aws-elasticloadbalancingv2.NetworkLoadBalancer`
* Highlight the `protocol` parameter of the `addListener` call when it is set
to elbv2.Protocol.TCP, elbv2.Protocol.UDP, or
elbv2.Protocol.TCP_UDP
* Highlight the `addListener` call when the `protocol` parameter is not set
and the `certificates` parameter is not set or is an empty `Sequence`.
For `aws-cdk-lib.aws-elasticloadbalancingv2.NetworkListener`
* Highlight the `protocol` property of the object constructor call when it is set
to elbv2.Protocol.TCP, elbv2.Protocol.UDP, or
elbv2.Protocol.TCP_UDP
* Highlight the constructor call when the `protocol` parameter is not set
and the `certificates` parameter is not set or is an empty `Sequence`.
For `aws-cdk-lib.aws-elasticloadbalancingv2.CfnListener`:
* Highlight the `protocol` property of the object constructor when set to
HTTP, TCP, UDP, or TCP_UDP.
For `aws-cdk-lib.aws-elasticloadbalancing.LoadBalancer`:
* Highlight the `externalProtocol` dict entry in the `listeners` property of the
object constructor when set to `elb.LoadBalancingProtocol.TCP` or `elb.LoadBalancingProtocol.HTTP`.
* Highlight the `externalProtocol` parameter of the call to `add_listener` when set to `elb.LoadBalancingProtocol.TCP` or `elb.LoadBalancingProtocol.HTTP`.
For `aws-cdk-lib.aws-elasticloadbalancing.CfnLoadBalancer`:
* When the `listeners` property of the object constructor is a `Sequence`
that contains a `dict` with a "protocol" entry set to "tcp" or "http",
highligth the "protocol" entry.
* When the `listeners` property of the object constructor is a `Sequence`
that contains an `elb.CfnLoadBalancer.ListenersProperty` with a `protocol`
property set to "tcp" or "http", highlight the protocol property.
For `aws-cdk-lib.aws-elasticloadbalancing.LoadBalancerListener`:
* Highlight the `externalProtocol` property of the object constructor when set to `elb.LoadBalancingProtocol.TCP` or `elb.LoadBalancingProtocol.HTTP`.
For `aws-cdk-lib.aws-elasticache.CfnReplicationGroup`:
* Highlight the `transitEncryptionEnabled` property of the object constructor if it is
present and set to False.
* Highlight the constructor call if the `transitEncryptionEnabled` attribute is not set.
For `aws-cdk-lib.aws-kinesis.CfnStream`:
* Highlight the object constructor when the `streamEncryption` property is not set.
* Highlight the `streamEncryption` property of the object constructor when set to `undefined`.
For `aws-cdk-lib.aws-kinesis.Stream`:
* Highlight the `encryption` property of the object constructor when it is set to aws-kinesis.StreamEncryption.UNENCRYPTED
