AWS ELBv2 Best Practices

Best practice rules for Elastic Load Balancing V2

Trend Micro Cloud One™ – Conformity monitors Elastic Load Balancing V2 with the following rules:

• ELBv2 ALB Listener Security

  Ensure that your Application Load Balancer (ALB) listeners are using a secure protocol such as HTTPS.

• ELBv2 ALB Security Group

  Ensure that your Amazon ELBv2 load balancers have secure and valid security groups.

• ELBv2 ALB Security Policy

  Ensure AWS Application Load Balancers (ALBs) are using the latest predefined security policy.

• ELBv2 Access Log

  Ensure access logging is enabled for your AWS ALBs to follow security best practices.

• ELBv2 Elastic Load Balancing Deletion Protection

  Ensure Deletion Protection feature is enabled for your AWS load balancers to follow security best practices.

• ELBv2 Minimum Number of EC2 Target Instances

  Ensure there is a minimum number of two healthy target instances associated with each AWS ELBv2 load balancer.

• ELBv2 NLB Listener Security

  Ensure that your AWS Network Load Balancer listeners are using a secure protocol such as TLS

• Enable HTTP to HTTPS Redirect for Application Load Balancers

  Ensure that your Application Load Balancers have a rule that redirects HTTP traffic to HTTPS.

• Internet Facing ELBv2 Load Balancers

  Ensure internet-facing ELBv2 load balancers are regularly reviewed for security reasons (informational).

• Network Load Balancer Security Policy

  Ensure that AWS Network Load Balancers are using the latest predefined security policy.

• Unused ELBv2 Load Balancers

  Identify unused Elastic Load Balancers (ELBv2) and delete them in order to reduce AWS costs.