Ensure ELB Application Load Balancers Redirect HTTP Requests to HTTPS Rule

This rule ensures that ELB application load balancers redirect HTTP requests to HTTPS for enhanced security.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: FedRAMP Low Revision 4
Severity: Medium

Rule Description

For FedRAMP Low Revision 4, ELB (Elastic Load Balancer) application load balancers should redirect HTTP requests to HTTPS. This rule ensures that communication between clients and the load balancer is encrypted using HTTPS, providing enhanced security for the applications deployed behind the load balancer.

Troubleshooting Steps (if necessary)

  • If HTTP redirection is not working as expected, ensure that the load balancer listeners are properly configured.
  • Verify that the SSL/TLS certificates are correctly applied and valid for HTTPS traffic.
  • Check if the security groups associated with the load balancer allow incoming connections on the appropriate HTTP (80) and HTTPS (443) ports.

Necessary Codes (if applicable)

There are no specific codes required for this rule.

Step-by-Step Guide for Remediation

  1. Log in to the AWS Management Console.
  2. Go to the EC2 service.
  3. Select the region where the ELB application load balancer is located.
  4. In the navigation pane, click on "Load Balancers."
  5. Select the load balancer that needs to redirect HTTP to HTTPS.
  6. Click on the "Listeners" tab.
  7. Locate the listener for HTTP (port 80) in the list of existing listeners.
  8. Click on the "Edit" button next to the HTTP listener.
  9. In the "Edit Listener" window, change the Protocol to "Redirect HTTP to HTTPS."
  10. Make sure the SSL certificate associated with the HTTPS listener is valid and correctly configured.
  11. Click on the "Forward to" dropdown menu and select the appropriate target group for your application.
  12. Click on the "Save" button to apply the changes.
  13. Verify that the listener configuration is now redirecting HTTP requests to HTTPS.
  14. Test the redirection by accessing the load balancer's HTTP URL. It should automatically redirect to HTTPS.
  15. Repeat the process for any additional load balancers that need to redirect HTTP to HTTPS.

Note: It is recommended to test the functionality after implementing the changes to ensure that HTTP requests are redirected to HTTPS successfully.
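The listener verification in the steps above can also be done against the listener configuration itself. The following is an added example, not code from this page or from the vendor: it takes data shaped like the ELBv2 DescribeListeners response and reports HTTP listeners whose default action does not redirect to HTTPS. The sample response, the placeholder ARNs and the function names `classify` and `audit` are constructed for illustration.

```python
# Added example: flag ALB HTTP listeners whose default action is not a redirect to HTTPS.
# Input mirrors the ELBv2 DescribeListeners response (boto3 describe_listeners or
# `aws elbv2 describe-listeners`). The sample data and ARNs below are constructed.
SAMPLE_RESPONSE = {"Listeners": [
    {"ListenerArn": "arn:example:listener/app/web/redirects", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"ListenerArn": "arn:example:listener/app/api/forwards", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:targetgroup/api"}]},
    {"ListenerArn": "arn:example:listener/app/old/same-proto", "Protocol": "HTTP", "Port": 8080,
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {
         "Protocol": "#{protocol}", "Port": "80", "StatusCode": "HTTP_302"}}]},
    {"ListenerArn": "arn:example:listener/app/web/tls", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:targetgroup/web"}]},
]}


def classify(listener):
    """Return None if the listener is compliant or out of scope, else a reason string."""
    if listener.get("Protocol") != "HTTP":
        return None  # only plaintext HTTP listeners are in scope for this rule
    actions = listener.get("DefaultActions", [])
    for action in actions:
        if action.get("Type") == "redirect":
            target = action.get("RedirectConfig", {}).get("Protocol")
            if target == "HTTPS":
                return None
            # "#{protocol}" keeps the request's own protocol, so HTTP stays HTTP
            return f"redirects to {target}, not HTTPS"
    types = ",".join(a.get("Type", "?") for a in actions) or "none"
    return f"default action is {types}, not a redirect"


def audit(response):
    """List (arn, port, reason) for each non-compliant HTTP listener.

    Only default actions are inspected; non-default listener rules need a
    separate pass over DescribeRules output.
    """
    findings = []
    for listener in response.get("Listeners", []):
        reason = classify(listener)
        if reason:
            findings.append((listener["ListenerArn"], listener.get("Port"), reason))
    return findings


if __name__ == "__main__":
    for arn, port, reason in audit(SAMPLE_RESPONSE):
        print(f"FAIL {arn} port {port}: {reason}")
```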

Remember to follow security best practices and consult the official AWS documentation for more details on load balancer configuration and security requirements related to FedRAMP Low Revision 4.
