Check your Application Load Balancer listeners for secure configurations. Trend Micro Cloud One™ – Conformity strongly recommends using the HTTPS (Secure HTTP) protocol to encrypt the communication between your application clients and your Amazon Application Load Balancer (ALB).
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When an Application Load Balancer (ALB) has no HTTPS listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when your application is working with sensitive data such as health and personal records, user credentials and credit card information.
Audit
To determine if your Application Load Balancers (ALBs) are using secure listeners, perform the following operations:
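One way to run this check programmatically, as an added example that is not Conformity's own code: the function below takes data in the shape returned by the `describe-load-balancers` and `describe-listeners` calls and reports every ALB with no HTTPS listener, including ALBs with no listeners at all. The sample names and ARNs are constructed placeholders, and the `collect` helper assumes boto3 is installed and AWS credentials are configured.

```python
def albs_without_https(load_balancers, listeners_by_arn):
    """Return a finding for every ALB that has no HTTPS listener.

    load_balancers   -- "LoadBalancers" list from describe-load-balancers
    listeners_by_arn -- {LoadBalancerArn: "Listeners" list from describe-listeners}
    """
    findings = []
    for lb in load_balancers:
        if lb.get("Type") != "application":  # the rule covers ALBs, not NLB/GWLB
            continue
        listeners = listeners_by_arn.get(lb["LoadBalancerArn"], [])
        protocols = sorted({lsn["Protocol"] for lsn in listeners})
        if "HTTPS" not in protocols:
            # protocols == [] means the ALB has no listeners at all
            findings.append({"name": lb["LoadBalancerName"], "protocols": protocols})
    return findings


def collect(region):
    """Fetch live data; assumes boto3 is installed and credentials are configured."""
    import boto3  # lazy import so the offline sample run does not need it
    elbv2 = boto3.client("elbv2", region_name=region)
    lbs = [lb for page in elbv2.get_paginator("describe_load_balancers").paginate()
           for lb in page["LoadBalancers"]]
    listeners = {}
    for lb in lbs:
        pages = elbv2.get_paginator("describe_listeners").paginate(
            LoadBalancerArn=lb["LoadBalancerArn"])
        listeners[lb["LoadBalancerArn"]] = [l for p in pages for l in p["Listeners"]]
    return lbs, listeners


# Constructed sample data: names and ARNs are placeholders, not real resources.
SAMPLE_LBS = [
    {"LoadBalancerName": "web-plain", "LoadBalancerArn": "arn:sample:web-plain", "Type": "application"},
    {"LoadBalancerName": "web-tls", "LoadBalancerArn": "arn:sample:web-tls", "Type": "application"},
    {"LoadBalancerName": "web-empty", "LoadBalancerArn": "arn:sample:web-empty", "Type": "application"},
    {"LoadBalancerName": "tcp-nlb", "LoadBalancerArn": "arn:sample:tcp-nlb", "Type": "network"},
]
SAMPLE_LISTENERS = {
    "arn:sample:web-plain": [{"Port": 80, "Protocol": "HTTP"}],
    "arn:sample:web-tls": [{"Port": 80, "Protocol": "HTTP"}, {"Port": 443, "Protocol": "HTTPS"}],
    "arn:sample:web-empty": [],
    "arn:sample:tcp-nlb": [{"Port": 443, "Protocol": "TCP"}],
}

if __name__ == "__main__":
    for f in albs_without_https(SAMPLE_LBS, SAMPLE_LISTENERS):
        print(f"NON-COMPLIANT {f['name']}: listeners={f['protocols'] or 'none'}")
```

For a live account, pass the two values returned by `collect("<region>")` to `albs_without_https` instead of the sample data.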
Remediation / Resolution
To secure (encrypt) the connection between your application clients and your Application Load Balancers, update the listener configuration to support the HTTPS protocol (an X.509 SSL certificate is required). To add an HTTPS listener to your Application Load Balancer, perform the following operations:
You are auditing:
ELBv2 ALB Listener Security
Risk Level: High