Ensure that your app-tier Elastic Load Balancer (ELB) listeners use the HTTPS/SSL protocol to encrypt the communication between your application clients and the load balancer. This conformity rule assumes that all AWS resources provisioned within your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> represents the tag name and <app_tier_tag_value> the tag value. Before the Cloud Conformity engine runs this rule, the app-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When an app-tier AWS ELB has no HTTPS/SSL listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when the application is working with sensitive data such as health and personal records, credentials and credit card numbers. Using an HTTPS/SSL listener for the ELBs within your app tier ensures that the application traffic between the client and the load balancer is encrypted with SSL/TLS and that the transmitted data is secured.
Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
Audit
To check your app-tier AWS ELB listeners for secure configurations, perform the following actions:
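The check can be expressed as follows. This is an added example, not part of the Cloud Conformity rule content: it evaluates saved JSON output of `aws elb describe-load-balancers` and `aws elb describe-tags` and reports, for each ELB carrying the app-tier tag, whether it has at least one HTTPS/SSL listener. The sample data, the load balancer names and the `tier`/`app` tag are constructed placeholders, and `audit_app_tier_elbs` is a hypothetical helper name.

```python
"""Audit app-tier Classic ELB listeners from saved AWS CLI JSON output."""

SECURE_PROTOCOLS = {"HTTPS", "SSL"}  # front-end protocols encrypted with SSL/TLS

# Constructed samples in the shape returned by `aws elb describe-load-balancers`
# and `aws elb describe-tags`; names, tag key and tag value are placeholders.
SAMPLE_LBS = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "app-web", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}}]},
    {"LoadBalancerName": "app-api", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443}},
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}}]},
    {"LoadBalancerName": "web-front", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8080}}]},
]}
SAMPLE_TAGS = {"TagDescriptions": [
    {"LoadBalancerName": "app-web", "Tags": [{"Key": "tier", "Value": "app"}]},
    {"LoadBalancerName": "app-api", "Tags": [{"Key": "tier", "Value": "app"}]},
    {"LoadBalancerName": "web-front", "Tags": [{"Key": "tier", "Value": "web"}]},
]}


def audit_app_tier_elbs(lbs, tags, tag_key, tag_value):
    """Return {name: report} for every ELB carrying the app-tier tag."""
    app_tier = {
        td["LoadBalancerName"]
        for td in tags.get("TagDescriptions", [])
        if any(t.get("Key") == tag_key and t.get("Value") == tag_value
               for t in td.get("Tags", []))
    }
    report = {}
    for lb in lbs.get("LoadBalancerDescriptions", []):
        name = lb["LoadBalancerName"]
        if name not in app_tier:
            continue  # outside the app tier, not in scope for this rule
        secure, plaintext = [], []
        for desc in lb.get("ListenerDescriptions", []):
            lsn = desc["Listener"]
            bucket = secure if lsn["Protocol"].upper() in SECURE_PROTOCOLS else plaintext
            bucket.append(lsn["LoadBalancerPort"])
        # Failure condition from the rule text: no HTTPS/SSL listener at all.
        report[name] = {"secure_ports": sorted(secure),
                        "plaintext_ports": sorted(plaintext),
                        "compliant": bool(secure)}
    return report


if __name__ == "__main__":
    for name, r in audit_app_tier_elbs(SAMPLE_LBS, SAMPLE_TAGS, "tier", "app").items():
        print(name, r)
```

The `plaintext_ports` field is informational: an ELB that passes the rule can still expose an unencrypted HTTP or TCP listener alongside its HTTPS/SSL one.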
Remediation / Resolution
To secure the connection between the application clients and app-tier load balancer by using SSL encryption, update your ELB configuration to use listeners with HTTPS or SSL protocols. To implement HTTPS/SSL protocol for your app-tier ELB listeners, perform the following actions:
You are auditing:
App-Tier ELB Listener Security
Risk level: High