Check your Amazon Application Load Balancer listeners for secure configurations. Cloud Conformity strongly recommends using the HTTPS (Secure HTTP) protocol to encrypt the communication between the application clients and the ELBv2 load balancer.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When an AWS ALB has no HTTPS listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when working with sensitive data such as health and personal records, credentials and credit card numbers.
To determine if your ELBv2 load balancers are using secure listeners, perform the following actions:
To secure (encrypt) the connection between your application clients and your load balancers, update AWS ALBs listeners configuration to support the HTTPS protocol (an X.509 SSL certificate is required). To add an HTTPS listener to your Application Load Balancers, perform the following: