Check your Amazon Application Load Balancer listeners for secure configurations. Cloud Conformity strongly recommends using the HTTPS (Secure HTTP) protocol to encrypt the communication between the application clients and the ELBv2 load balancer.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When an AWS ALB has no HTTPS listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when working with sensitive data such as health and personal records, credentials and credit card numbers.
Audit
To determine if your ELBv2 load balancers are using secure listeners, perform the following actions:
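As an added illustration of that audit (this is example code, not the Cloud Conformity rule's own steps): the function below takes the `Listeners` array that `aws elbv2 describe-listeners` returns and reports, per load balancer, whether an HTTPS listener exists. It goes one step beyond the rule by also flagging HTTP listeners that forward traffic instead of redirecting to HTTPS. The ARNs and listener records are constructed placeholders.

```python
# Constructed sample shaped like the "Listeners" array from
# `aws elbv2 describe-listeners --load-balancer-arn <arn>` for three hypothetical ALBs.
# ARNs are placeholders, not real resources.
WEB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web-alb/0000000000000001"
MIXED = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/mixed-alb/0000000000000002"
LEGACY = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/legacy-alb/0000000000000003"
FORWARD = {"Type": "forward",
           "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/placeholder/0000000000000009"}
REDIRECT = {"Type": "redirect",
            "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
SAMPLE_LISTENERS = [
    {"LoadBalancerArn": WEB, "Port": 443, "Protocol": "HTTPS",
     "Certificates": [{"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/placeholder"}],
     "DefaultActions": [FORWARD]},
    {"LoadBalancerArn": WEB, "Port": 80, "Protocol": "HTTP", "DefaultActions": [REDIRECT]},
    {"LoadBalancerArn": MIXED, "Port": 443, "Protocol": "HTTPS", "DefaultActions": [FORWARD]},
    {"LoadBalancerArn": MIXED, "Port": 80, "Protocol": "HTTP", "DefaultActions": [FORWARD]},
    {"LoadBalancerArn": LEGACY, "Port": 80, "Protocol": "HTTP", "DefaultActions": [FORWARD]},
]


def _redirects_to_https(listener):
    """True if the listener's default action is a redirect whose target protocol is HTTPS."""
    return any(action.get("Type") == "redirect"
               and action.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
               for action in listener.get("DefaultActions", []))


def audit_alb_listeners(listeners):
    """Return {load_balancer_arn: finding} for every load balancer seen in `listeners`.

    Findings: NO_HTTPS_LISTENER (the rule's failure condition), HTTP_NOT_REDIRECTED
    (an HTTPS listener exists but plaintext HTTP is still forwarded to targets), COMPLIANT.
    """
    by_lb = {}
    for listener in listeners:
        by_lb.setdefault(listener["LoadBalancerArn"], []).append(listener)
    findings = {}
    for lb_arn, lb_listeners in by_lb.items():
        if not any(l["Protocol"] == "HTTPS" for l in lb_listeners):
            findings[lb_arn] = "NO_HTTPS_LISTENER"
            continue
        plaintext = [l for l in lb_listeners
                     if l["Protocol"] == "HTTP" and not _redirects_to_https(l)]
        findings[lb_arn] = "HTTP_NOT_REDIRECTED" if plaintext else "COMPLIANT"
    return findings


if __name__ == "__main__":
    for arn, finding in audit_alb_listeners(SAMPLE_LISTENERS).items():
        print(f"{finding:20} {arn}")
```

Feed real output into `audit_alb_listeners` by loading the JSON from `describe-listeners` for each load balancer ARN returned by `describe-load-balancers`; a listener that is a bare HTTP forward is the one to replace with an HTTPS listener or a redirect.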
Remediation / Resolution
To secure (encrypt) the connection between your application clients and your load balancers, update your AWS ALB listener configuration to support the HTTPS protocol (an X.509 SSL certificate is required). To add an HTTPS listener to your Application Load Balancers, perform the following:
References
- AWS Documentation
  - Elastic Load Balancing FAQs
  - Application Load Balancers
  - Listeners for Your Application Load Balancers
  - Create a Listener for Your Application Load Balancer
  - HTTPS Listeners for Your Application Load Balancer
- AWS Command Line Interface (CLI) Documentation
  - elbv2
  - describe-load-balancers
  - describe-listeners
  - create-listener
  - list-certificates
  - list-server-certificates
Rule: ELBv2 ALB Listener Security
Risk level: High