Ensure that your web-tier Elastic Load Balancer (ELB) listeners use a secure protocol such as HTTPS/SSL to encrypt the communication between the web application clients and the load balancer. This conformity rule assumes that all AWS resources (including ELBs) provisioned in your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> the tag value. Before the Cloud Conformity engine runs this rule, the web-tier tags must be configured within the rule settings on your account dashboard.
When a web-tier AWS ELB has no HTTPS/SSL listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when the application handles sensitive data such as health and personal records, credentials and credit card numbers. Using an HTTPS/SSL listener for the ELBs within your web tier ensures that the front-end traffic is encrypted over the SSL/TLS channel and the web client data is protected in transit. Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To check your web-tier AWS ELB listeners for secure (HTTPS/SSL) configurations, perform the following actions:
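The audit logic described above, as an added example that is not part of the conformity rule or of Cloud Conformity's own tooling: it takes data shaped like the responses of the classic ELB API calls DescribeLoadBalancers and DescribeTags (for example as returned by boto3's `elb` client), keeps only load balancers carrying the web-tier tag, and flags those with no HTTPS or SSL front-end listener. The tag key `Tier`, the value `web` and all load balancer names are constructed sample values.

```python
# Added example (not Cloud Conformity's code): flag web-tier classic ELBs whose
# listeners use no HTTPS/SSL front-end protocol. Inputs mirror the shapes of the
# DescribeLoadBalancers / DescribeTags responses; sample data is constructed.

SECURE_PROTOCOLS = {"HTTPS", "SSL"}

def web_tier_names(tag_descriptions, tag_key, tag_value):
    """Return the set of ELB names tagged <tag_key>:<tag_value>."""
    names = set()
    for desc in tag_descriptions:
        for tag in desc.get("Tags", []):
            if tag.get("Key") == tag_key and tag.get("Value") == tag_value:
                names.add(desc["LoadBalancerName"])
    return names

def evaluate_elbs(load_balancers, tag_descriptions, tag_key, tag_value):
    """Map each web-tier ELB name to True when at least one front-end listener
    uses HTTPS or SSL, False otherwise. ELBs without the tag are skipped."""
    targets = web_tier_names(tag_descriptions, tag_key, tag_value)
    results = {}
    for lb in load_balancers:
        name = lb["LoadBalancerName"]
        if name not in targets:
            continue
        protocols = {ld["Listener"]["Protocol"].upper()
                     for ld in lb.get("ListenerDescriptions", [])}
        results[name] = bool(protocols & SECURE_PROTOCOLS)
    return results

# Constructed sample data shaped like the API responses (names are placeholders).
SAMPLE_LBS = [
    {"LoadBalancerName": "web-elb-a", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80, "InstancePort": 80}}]},
    {"LoadBalancerName": "web-elb-b", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443, "InstancePort": 80}}]},
    {"LoadBalancerName": "internal-elb", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8080, "InstancePort": 8080}}]},
]
SAMPLE_TAGS = [
    {"LoadBalancerName": "web-elb-a", "Tags": [{"Key": "Tier", "Value": "web"}]},
    {"LoadBalancerName": "web-elb-b", "Tags": [{"Key": "Tier", "Value": "web"}]},
    {"LoadBalancerName": "internal-elb", "Tags": [{"Key": "Tier", "Value": "app"}]},
]

if __name__ == "__main__":
    for name, ok in evaluate_elbs(SAMPLE_LBS, SAMPLE_TAGS, "Tier", "web").items():
        print(f"{name}: {'compliant' if ok else 'NON-COMPLIANT (no HTTPS/SSL listener)'}")
```

With the sample data, `web-elb-a` is reported as non-compliant, `web-elb-b` as compliant, and `internal-elb` is ignored because it does not carry the web-tier tag.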
To secure the connection between the web clients and your web-tier load balancer with SSL encryption, update your ELB configuration to use listeners with the HTTPS or SSL protocol (an X.509 SSL certificate is required). To implement the HTTPS/SSL protocol for your web-tier ELB listeners, perform the following actions: