Rule: ELB Application and Classic Load Balancer Logging Enabled

This rule ensures that ELB application and classic load balancer logging is enabled.

Rule	ELB application and classic load balancer logging should be enabled
Framework	CISA-cyber-essentials
Severity	✔ High

Rule Description

Enabling logging for ELB (Elastic Load Balancer) application and classic load balancer is recommended for CISA (Cybersecurity and Infrastructure Security Agency) Cyber Essentials compliance. Logging provides valuable insights into the health and performance of the load balancer and can help in detecting and troubleshooting any issues that may arise.

Troubleshooting Steps

If logging is not already enabled for ELB application and classic load balancer, follow the steps below to enable it:

Step 1: Select the Load Balancer

1.
Open the AWS Management Console.

2.
Navigate to the EC2 service.

3.
In the navigation pane, select "Load Balancers".

Step 2: Choose the Load Balancer

1.
Select the desired load balancer from the list.

Step 3: Enable Logging

1.
Under the "Description" tab, scroll down to the "Attributes" section.

2.
Click on the "Edit attributes" button.

3.
Enable the logging option by checking the box next to "Enable Access Logs".

4.
Specify the target Amazon S3 bucket to store the logs.

5.
Optionally, set a prefix for the log file names.

Step 4: Save the Configuration

1.
Click the "Save" button to save the changes made to the load balancer configuration.

CLI Command

Alternatively, logging for ELB application and classic load balancer can also be enabled using AWS CLI. The following command can be used:

aws elb modify-load-balancer-attributes --load-balancer-name <load_balancer_name> --access-log-enabled --access-log-destination-bucket <S3_bucket_name> --access-log-destination-prefix <prefix>

Ensure to replace

<load_balancer_name>

<S3_bucket_name>

, and

<prefix>

with appropriate values specific to your environment.

Remediation Steps

To enable logging for ELB application and classic load balancer, follow the step-by-step guide mentioned above in the "Troubleshooting Steps" section. If you prefer using CLI, execute the provided AWS CLI command after replacing the placeholder values.

Enabling logging for ELB application and classic load balancer will ensure that important data related to traffic, errors, and health of the load balancer is captured and can be used for analysis, auditing, and troubleshooting purposes.

Rule: ELB Application and Classic Load Balancer Logging Enabled

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 1: Select the Load Balancer

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 2: Choose the Load Balancer

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 3: Enable Logging

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 4: Save the Configuration

Is your System Free of Underlying Vulnerabilities? Find Out Now

Step 1: Select the Load Balancer

Step 2: Choose the Load Balancer

Step 3: Enable Logging

Step 4: Save the Configuration

Is your System Free of Underlying Vulnerabilities?
Find Out Now