
Rule: ELB Application Load Balancer Deletion Protection Enabled

This rule ensures that the deletion protection is enabled for ELB application load balancers.

Rule: ELB application load balancer deletion protection should be enabled
Framework: FedRAMP Low Revision 4
Severity: High

Rule Description:

The ELB (Elastic Load Balancer) application load balancer deletion protection must be enabled for FedRAMP (Federal Risk and Authorization Management Program) Low Revision 4. This is a security measure to prevent accidental deletion or modification of critical load balancers that are used in the infrastructure.

Troubleshooting Steps:

If deletion protection is not enabled for the ELB application load balancer, follow these troubleshooting steps to enable it:

  1. Check the current state of deletion protection for the load balancer by navigating to the AWS Management Console.
  2. Go to the EC2 service and click on "Load Balancers" in the navigation pane.
  3. Look for the specific application load balancer that needs deletion protection enabled, and select it.
  4. In the "Description" tab, check the value of the "Deletion Protection" attribute.
  5. If the attribute is set to "Disabled," deletion protection is not enabled.

Necessary Codes:

If deletion protection is not enabled, you can use the following AWS CLI command to enable it:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=deletion_protection.enabled,Value=true

Note: Replace <load_balancer_arn> with the ARN (Amazon Resource Name) of the load balancer you want to enable deletion protection for.

Step-by-Step Guide for Remediation:

Follow these steps to enable deletion protection for an ELB application load balancer:

  1. Open the AWS Management Console and go to the EC2 service.
  2. In the navigation pane, click on "Load Balancers" to access the list of load balancers.
  3. Locate the specific application load balancer that requires deletion protection and select it.
  4. In the "Description" tab, verify that the "Deletion Protection" attribute is set to "Disabled." If it is already enabled, no further action is needed.
  5. If deletion protection is not enabled, click on the "Actions" button and select "Edit attributes" from the dropdown menu.
  6. In the "Edit Attributes" dialog box, select the checkbox for "Enable deletion protection."
  7. Click on the "Save" button to apply the changes and enable deletion protection for the load balancer.

Alternatively, you can use the AWS CLI command mentioned earlier:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=deletion_protection.enabled,Value=true

Make sure to replace <load_balancer_arn> with the ARN of the load balancer you want to enable deletion protection for.

Enabling deletion protection ensures that accidental deletion or modification of the load balancer is prohibited, providing an extra layer of security for the infrastructure.
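The console steps above check one load balancer at a time. The following added example (not part of this page or of the vendor's tooling) implements the same check and remediation for a whole account with boto3: the pure function `find_unprotected` evaluates `describe-load-balancer-attributes` responses and is exercised here on constructed sample data with hypothetical ARNs, while `audit_account` performs the live calls and, only when `remediate=True`, applies the same `deletion_protection.enabled=true` change as the CLI command in the text.

```python
"""Audit application load balancers for deletion_protection.enabled (FedRAMP Low Rev 4 rule)."""
import json

# Constructed sample of what `aws elbv2 describe-load-balancer-attributes` returns
# for two load balancers. The ARNs and account id are hypothetical placeholders.
SAMPLE_ATTRIBUTES = {
    "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/web-alb/0123456789abcdef":
        json.loads('{"Attributes": [{"Key": "deletion_protection.enabled", "Value": "false"},'
                   ' {"Key": "idle_timeout.timeout_seconds", "Value": "60"}]}'),
    "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/api-alb/fedcba9876543210":
        json.loads('{"Attributes": [{"Key": "deletion_protection.enabled", "Value": "true"}]}'),
}


def deletion_protection_enabled(describe_response):
    """True only if the attribute is present and its string value is "true"."""
    for attr in describe_response.get("Attributes", []):
        if attr.get("Key") == "deletion_protection.enabled":
            return attr.get("Value", "").lower() == "true"
    return False  # attribute missing from the response: treat as unprotected (fail closed)


def find_unprotected(attributes_by_arn):
    """Return the ARNs that fail the rule, sorted so reports are stable across runs."""
    return sorted(arn for arn, resp in attributes_by_arn.items()
                  if not deletion_protection_enabled(resp))


def audit_account(remediate=False):
    """Live check of every ALB in the caller's region; boto3 is imported lazily so the
    pure logic above runs without AWS credentials."""
    import boto3
    elbv2 = boto3.client("elbv2")
    attrs = {}
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            if lb["Type"] != "application":  # the rule is scoped to ALBs
                continue
            arn = lb["LoadBalancerArn"]
            attrs[arn] = elbv2.describe_load_balancer_attributes(LoadBalancerArn=arn)
    unprotected = find_unprotected(attrs)
    if remediate:
        for arn in unprotected:  # same change as `aws elbv2 modify-load-balancer-attributes`
            elbv2.modify_load_balancer_attributes(
                LoadBalancerArn=arn,
                Attributes=[{"Key": "deletion_protection.enabled", "Value": "true"}])
    return unprotected


if __name__ == "__main__":
    print("Needs remediation:", find_unprotected(SAMPLE_ATTRIBUTES))
```

Run `audit_account()` first to review the list before calling it with `remediate=True`.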
