Ensure that your web-tier Elastic Load Balancers (ELBs) are using SSL/TLS server certificates to encrypt the communication between the web application clients and the load balancer. When you use HTTPS/SSL (secure HTTP/TCP) for the ELB front-end listeners, you must deploy an SSL/TLS certificate on your load balancer. This SSL/TLS server certificate is used by the web-tier ELB to terminate the connection and decrypt requests from clients before sending them to the EC2 instances behind the load balancer (also known as backend instances). This conformity rule assumes that all AWS resources (including load balancers) provisioned in your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> the tag value. Prior to running this rule by the Cloud Conformity engine, the web-tier tags must be specified on the Cloud Conformity dashboard, within the rule configuration settings.
Attaching valid SSL/TLS certificates to load balancer HTTPS/SSL listeners will guarantee that the front-end traffic is encrypted over the SSL/TLS channel and the web client data is protected against eavesdropping and sniffing attacks. Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if your web-tier ELBs have SSL/TLS server certificates attached to HTTPS/SSL listeners, perform the following:
To secure the traffic between the web clients and your web-tier load balancer using SSL encryption, update your ELB configuration to attach an SSL/TLS server certificate (an X.509 certificate is required). To attach an SSL/TLS certificate to your ELB HTTPS/SSL listener, perform the following actions: