Ensure that your web-tier Elastic Load Balancer (ELB) listeners use a secure protocol such as HTTPS/SSL to encrypt the communication between the web application clients and the load balancer. This conformity rule assumes that all AWS resources (including ELBs) provisioned in your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> is the tag name and <web_tier_tag_value> the tag value. Before the Cloud Conformity engine runs this rule, the web-tier tags must be configured within the rule settings on your account dashboard.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When a web-tier AWS ELB has no HTTPS/SSL listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk is even higher when the application handles sensitive data such as health and personal records, credentials and credit card numbers. Using an HTTPS/SSL listener for the ELBs within your web tier ensures that the front-end traffic is encrypted over the SSL/TLS channel and the web client data is protected in transit.
Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
Audit
To check your web-tier AWS ELB listeners for secure (HTTPS/SSL) configurations, perform the following actions:
Remediation / Resolution
To secure the connection between the web clients and your web-tier load balancer by using SSL encryption, update your ELB configuration to use listeners with HTTPS or SSL protocols (an X.509 SSL certificate is required). To implement HTTPS/SSL protocol for your web-tier ELB listeners, perform the following actions:
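The audit and remediation steps above revolve around two AWS CLI calls: `describe-tags` to find the load balancers that carry the web-tier tag, and `describe-load-balancers` to inspect their listeners. The following Python script is an added example, not Cloud Conformity's engine code and not from the AWS documentation; it applies that check offline to constructed sample responses shaped like the output of those two commands. The tag key `tier` and value `web` stand in for <web_tier_tag>:<web_tier_tag_value>, and the load balancer names and certificate ARN are made up.

```python
"""Offline audit of web-tier Classic ELB listeners (added example).

The two dicts below mirror the shape of `aws elb describe-load-balancers` and
`aws elb describe-tags` output (only the fields the check reads) and hold
constructed sample data; they are not real account output.
"""

# Stand-ins for the page's <web_tier_tag>:<web_tier_tag_value> placeholders (assumption).
WEB_TIER_TAG = "tier"
WEB_TIER_TAG_VALUE = "web"

# Listener protocols that encrypt the client -> load balancer connection.
SECURE_PROTOCOLS = {"HTTPS", "SSL"}

# Constructed certificate ARN; a real one would come from `aws acm list-certificates`.
CERT_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-ID"


def listener(protocol, lb_port, instance_port, cert=None, policies=()):
    """Build one ListenerDescription entry in describe-load-balancers format."""
    entry = {
        "Protocol": protocol,
        "LoadBalancerPort": lb_port,
        "InstanceProtocol": "HTTP" if protocol in ("HTTP", "HTTPS") else "TCP",
        "InstancePort": instance_port,
    }
    if cert:
        entry["SSLCertificateId"] = cert
    return {"Listener": entry, "PolicyNames": list(policies)}


# Constructed `aws elb describe-load-balancers` response.
DESCRIBE_LOAD_BALANCERS = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "web-elb-insecure",
     "ListenerDescriptions": [listener("HTTP", 80, 80)]},
    {"LoadBalancerName": "web-elb-mixed",
     "ListenerDescriptions": [listener("HTTP", 80, 80),
                              listener("HTTPS", 443, 80, CERT_ARN, ["ELBSecurityPolicy-2016-08"])]},
    {"LoadBalancerName": "web-elb-secure",
     "ListenerDescriptions": [listener("HTTPS", 443, 80, CERT_ARN, ["ELBSecurityPolicy-2016-08"])]},
    {"LoadBalancerName": "internal-app-elb",
     "ListenerDescriptions": [listener("TCP", 8080, 8080)]},
]}

# Constructed `aws elb describe-tags` response for the same load balancers.
DESCRIBE_TAGS = {"TagDescriptions": [
    {"LoadBalancerName": "web-elb-insecure", "Tags": [{"Key": "tier", "Value": "web"}]},
    {"LoadBalancerName": "web-elb-mixed", "Tags": [{"Key": "tier", "Value": "web"}]},
    {"LoadBalancerName": "web-elb-secure", "Tags": [{"Key": "tier", "Value": "web"}]},
    {"LoadBalancerName": "internal-app-elb", "Tags": [{"Key": "tier", "Value": "app"}]},
]}


def web_tier_load_balancers(tag_descriptions, tag_key, tag_value):
    """Return the set of load balancer names carrying the web-tier tag."""
    return {
        td["LoadBalancerName"]
        for td in tag_descriptions["TagDescriptions"]
        if any(t["Key"] == tag_key and t["Value"] == tag_value for t in td["Tags"])
    }


def listener_findings(lb_description):
    """Return (has_secure_listener, insecure_front_end_ports) for one load balancer."""
    secure = False
    insecure_ports = []
    for ld in lb_description["ListenerDescriptions"]:
        lst = ld["Listener"]
        if lst["Protocol"].upper() in SECURE_PROTOCOLS:
            secure = True
        else:
            insecure_ports.append(lst["LoadBalancerPort"])
    return secure, insecure_ports


def audit(load_balancers, tags, tag_key=WEB_TIER_TAG, tag_value=WEB_TIER_TAG_VALUE):
    """Evaluate every tagged web-tier ELB against the rule.

    A load balancer is compliant when it has at least one HTTPS/SSL listener, which is
    what the rule checks. Any remaining plain HTTP/TCP front-end ports are reported as
    well, because they still accept unencrypted client traffic.
    """
    in_scope = web_tier_load_balancers(tags, tag_key, tag_value)
    results = {}
    for lb in load_balancers["LoadBalancerDescriptions"]:
        name = lb["LoadBalancerName"]
        if name not in in_scope:
            continue  # not web tier: out of scope for this rule
        secure, insecure_ports = listener_findings(lb)
        results[name] = {"compliant": secure, "insecure_ports": insecure_ports}
    return results


if __name__ == "__main__":
    for name, finding in audit(DESCRIBE_LOAD_BALANCERS, DESCRIBE_TAGS).items():
        status = "COMPLIANT" if finding["compliant"] else "NON-COMPLIANT"
        extra = f" (unencrypted listeners on ports {finding['insecure_ports']})" if finding["insecure_ports"] else ""
        print(f"{name}: {status}{extra}")
```

Against the sample data, `web-elb-insecure` fails (HTTP only), `web-elb-secure` passes, and `web-elb-mixed` passes the rule while still exposing port 80; that last case is worth reviewing separately, since adding an HTTPS listener satisfies this check but does not itself retire the plain HTTP listener. `internal-app-elb` is skipped because its `tier` tag is not the web-tier value. To run the same logic against a real account, feed the script the JSON from `aws elb describe-load-balancers` and `aws elb describe-tags --load-balancer-names ...`; remediation for a failing ELB is the `aws elb create-load-balancer-listeners` call referenced below, with an HTTPS listener on port 443 and the ACM or IAM certificate ARN as `SSLCertificateId`.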
References
- AWS Documentation
  - What Is Elastic Load Balancing?
  - Listeners for Your Classic Load Balancer
  - Configure an HTTPS Listener for Your Classic Load Balancer
  - CIS Amazon Web Services Foundations
- AWS Command Line Interface (CLI) Documentation
  - elb
    - describe-load-balancers
    - describe-tags
    - create-load-balancer-listeners
  - acm
    - list-certificates
  - iam
    - list-server-certificates
You are auditing:
Web-Tier ELB Listener Security
Risk level: High