Ensure that your app-tier Elastic Load Balancer (ELB) listeners are using the HTTPS/SSL protocol to encrypt the communication between your application clients and the load balancer. This conformity rule assumes that all AWS resources provisioned within your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> represents the tag name and <app_tier_tag_value> the tag value. Before the Cloud Conformity engine runs this rule, the app-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
When an app-tier AWS ELB has no HTTPS/SSL listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when the application is working with sensitive data such as health and personal records, credentials and credit card numbers. Using an HTTPS/SSL listener for the ELBs within your app tier ensures that the application traffic between the client and the load balancer is encrypted with SSL/TLS and that the transmitted data is secured.

Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
To check your app-tier AWS ELB listeners for secure configurations, perform the following actions:
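As an added example (not part of the Cloud Conformity rule or its documented steps), the following Python applies the rule's logic offline to constructed data shaped like the output of `aws elb describe-load-balancers` and `aws elb describe-tags`: it selects the load balancers carrying the app-tier tag and reports those with no HTTPS/SSL listener. The tag `tier`:`app` and the load balancer names are assumptions standing in for <app_tier_tag>:<app_tier_tag_value>.

```python
SECURE_PROTOCOLS = {"HTTPS", "SSL"}

# Constructed sample data, shaped like the output of
# `aws elb describe-load-balancers` and `aws elb describe-tags`.
DESCRIBE_LBS = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "app-elb-plain", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}}]},
    {"LoadBalancerName": "app-elb-tls", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443}}]},
    {"LoadBalancerName": "web-elb-plain", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8080}}]},
]}
DESCRIBE_TAGS = {"TagDescriptions": [
    {"LoadBalancerName": "app-elb-plain", "Tags": [{"Key": "tier", "Value": "app"}]},
    {"LoadBalancerName": "app-elb-tls", "Tags": [{"Key": "tier", "Value": "app"}]},
    {"LoadBalancerName": "web-elb-plain", "Tags": [{"Key": "tier", "Value": "web"}]},
]}


def app_tier_names(tag_descriptions, tag_key, tag_value):
    """Names of load balancers carrying the app-tier tag (exact match)."""
    return {
        d["LoadBalancerName"]
        for d in tag_descriptions.get("TagDescriptions", [])
        if any(t.get("Key") == tag_key and t.get("Value") == tag_value
               for t in d.get("Tags", []))
    }


def elbs_without_tls_listener(lbs, tag_descriptions, tag_key, tag_value):
    """Map each app-tier ELB with no HTTPS/SSL listener to its (protocol, port) list."""
    in_scope = app_tier_names(tag_descriptions, tag_key, tag_value)
    findings = {}
    for lb in lbs.get("LoadBalancerDescriptions", []):
        if lb["LoadBalancerName"] not in in_scope:
            continue  # not an app-tier resource, outside this rule
        listeners = [d["Listener"] for d in lb.get("ListenerDescriptions", [])]
        protocols = {l["Protocol"].upper() for l in listeners}
        if not protocols & SECURE_PROTOCOLS:  # no HTTPS or SSL front end at all
            findings[lb["LoadBalancerName"]] = [
                (l["Protocol"], l["LoadBalancerPort"]) for l in listeners]
    return findings


if __name__ == "__main__":
    print(elbs_without_tls_listener(DESCRIBE_LBS, DESCRIBE_TAGS, "tier", "app"))
```

To run it against a real account, replace the two constructed dictionaries with the parsed JSON from the corresponding AWS CLI commands and pass your own app-tier tag name and value.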
To secure the connection between the application clients and app-tier load balancer by using SSL encryption, update your ELB configuration to use listeners with HTTPS or SSL protocols. To implement HTTPS/SSL protocol for your app-tier ELB listeners, perform the following actions: