Ensure that your app-tier AWS Elastic Load Balancers (ELBs) are using SSL/TLS certificates to encrypt the communication between your application users and the load balancer. When you use HTTPS/SSL for the ELB front-end listeners, you must deploy an SSL/TLS (X.509) certificate on your load balancer. An X.509 certificate is a digital form of identification issued by a trusted certificate authority. This certificate is used by the app-tier ELB to terminate the connection and decrypt requests from users before sending them to the backend instances. This conformity rule assumes that all AWS resources available in your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> represents the tag name and <app_tier_tag_value> represents the tag value. Prior to running this rule by the Cloud Conformity engine, the app-tier tags must be specified on the Cloud Conformity dashboard, in the rule settings.
Attaching valid SSL/TLS (X.509) certificates to ELB HTTPS/SSL listeners will make sure that the front-end traffic is encrypted and the application data is protected against eavesdropping and sniffing attacks.
Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
To determine if your app-tier ELBs have SSL/TLS certificates attached to HTTPS/SSL listeners, perform the following actions:
Remediation / Resolution
To secure the traffic between your application users and the app-tier load balancer using SSL encryption, update your ELB configuration to attach an SSL/TLS server certificate. To attach an SSL/TLS (X.509) certificate to your ELB HTTPS/SSL listener, perform the following actions:
- AWS Documentation
- What Is Elastic Load Balancing?
- SSL/TLS Certificates for Classic Load Balancers
- Working with Server Certificates
- Configure an HTTPS Listener for Your Classic Load Balancer
- CIS Amazon Web Services Foundations
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Add SSL/TLS Server Certificates to App-Tier ELBs
Risk level: High