In order to ensure security from the outside world to our brokered cluster, we want provision TLS certificates with ACM and have the ingress ALB configured to use them.
Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
[ ] GIVEN I have provisioned an EKS instance \
AND I have deployed a sample workload (eg the 2048 game) \
WHEN I visit the URL listed in the kubernetes ingress for the sample workload \
THEN I see that I am redirected from http:// to https:// \
AND I see that there is a valid certificate in place for the TLS connection.
Background
Federal compliance requires that we use TLS for any connection over the internet.
User Story
In order to ensure security from the outside world to our brokered cluster, we want provision TLS certificates with ACM and have the ingress ALB configured to use them.
Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
http://
tohttps://
\ AND I see that there is a valid certificate in place for the TLS connection.Background
Federal compliance requires that we use TLS for any connection over the internet.
Security Considerations (required)
Implementing this story helps us comply with the SC family of NIST controls
Sketch
Here are the docs on setting up cert auto-discovery and redirecting HTTP to HTTPS.