Rule: ELB Application Load Balancer Deletion Protection Enabled
This rule ensures the protection for deletion of ELB application load balancer is enabled.
| Rule | ELB application load balancer deletion protection should be enabled |
| Framework | CISA-cyber-essentials |
| Severity | ✔ High |
Rule Description: ELB Application Load Balancer Deletion Protection for CISA-Cyber Essentials
Deletion protection is an important security measure that helps prevent accidental deletion or modification of critical resources. This rule requires enabling deletion protection for the Application Load Balancer within AWS Elastic Load Balancing (ELB) service, specifically for resources associated with the CISA-Cyber Essentials standard.
Troubleshooting Steps (if any):
- Check if you have the necessary permissions to modify the ELB settings.
- Ensure that your AWS account has the required access level to enable deletion protection for the Application Load Balancer.
Necessary Codes (if any):
- No specific code snippets are required for this rule.
Step-by-Step Guide for Remediation:
1. Login to your AWS Console:
- Open a web browser and navigate to the AWS Management Console (https://console.aws.amazon.com).
- Enter your login credentials (username and password) and click "Sign In".
2. Navigate to Elastic Load Balancing (ELB) Service:
- Once logged in, click on "Services" in the top menu bar and search for "ELB" in the search bar.
- Select "Elastic Load Balancing" from the results to open the ELB service.
3. Choose Application Load Balancer:
- From the left-hand side menu, click on "Load Balancers" to view the list of your load balancers.
- Look for the Application Load Balancer associated with CISA-Cyber Essentials and click on its name to open its details.
4. Enable Deletion Protection:
- In the Application Load Balancer details page, click on the "Attributes" tab.
- Scroll down to find the "General attributes" section.
- Locate the "Deletion Protection" attribute and ensure it is set to enabled. If not, click on the "Edit" button and enable the deletion protection.
- Save the changes by clicking on the "Save" button.
5. Verification:
- Once the deletion protection is enabled, the Application Load Balancer will be protected from accidental deletion or modification.
- Confirm the successful enabling of deletion protection by checking the attribute on the Application Load Balancer details page.
Conclusion:
By following the step-by-step guide provided above, you will be able to enable deletion protection for the Application Load Balancer associated with CISA-Cyber Essentials. This ensures better security and reduces the risk of accidental deletion or modification of the load balancer, contributing to compliance with CISA-Cyber Essentials standards.