Ensure that your web-tier Elastic Load Balancers (ELBs) are using SSL/TLS server certificates to encrypt the communication between the web application clients and the load balancer. When you use HTTPS/SSL (secure HTTP/TCP) for the ELB front-end listeners, you must deploy an SSL/TLS certificate on your load balancer. This SSL/TLS server certificate is used by the web-tier ELB to terminate the connection and decrypt requests from clients before sending them to the EC2 instances behind the load balancer (also known as backend instances). This conformity rule assumes that all AWS resources (including load balancers) provisioned in your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> the tag value. Prior to running this rule by the Cloud Conformity engine, the web-tier tags must be specified on the Cloud Conformity dashboard, within the rule configuration settings.
Attaching valid SSL/TLS certificates to load balancer HTTPS/SSL listeners will guarantee that the front-end traffic is encrypted over the SSL/TLS channel and the web client data is protected against eavesdropping and sniffing attacks.
Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the web tier.
To determine if your web-tier ELBs have SSL/TLS server certificates attached to HTTPS/SSL listeners, perform the following:
Remediation / Resolution
To secure the traffic between the web clients and your web-tier load balancer using SSL encryption, update your ELB configuration to attach an SSL/TLS server certificate (an X.509 certificate is required). To attach an SSL/TLS certificate to your ELB HTTPS/SSL listener, perform the following actions:
- AWS Documentation
- What Is Elastic Load Balancing?
- SSL/TLS Certificates for Classic Load Balancers
- Working with Server Certificates
- Configure an HTTPS Listener for Your Classic Load Balancer
- CIS Amazon Web Services Foundations
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Add SSL/TLS Server Certificates to Web-Tier ELBs
Risk level: High