Rule: ELB Application and Network Load Balancers SSL or HTTPS Listeners
Ensure ELB application and network load balancers use only SSL or HTTPS listeners.
| Rule | ELB application and network load balancers should only use SSL or HTTPS listeners |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | ✔ High |
Rule Description:
According to the FedRAMP Moderate Revision 4 requirements, Elastic Load Balancers (ELBs) should only use SSL or HTTPS listeners. This rule ensures that the communication between clients and the load balancer is encrypted and secured over secure protocols.
Possible Troubleshooting Steps:
- 1.Check the listeners configuration of the ELBs.
- 2.Verify if SSL or HTTPS listeners are enabled.
- 3.Ensure that no non-secure (HTTP) listeners are configured.
Necessary Codes:
No codes are required for this rule/policy.
Steps for Remediation:
- 1.Login to the AWS Management Console.
- 2.Navigate to the EC2 service.
- 3.Click on "Load Balancers" in the left-hand menu.
- 4.Select the desired ELB (either application or network load balancer).
- 5.Click on the "Listeners" tab.
- 6.Review the existing listeners.
- 7.Remove any non-secure listeners (HTTP) if present.
- 8.Edit the existing listeners to use SSL or HTTPS protocols.
- 9.Add a new listener if necessary.
- 10.Save the changes.
CLI Command(s) for Remediation:
No CLI commands are required for this policy. The remediation can be done through the AWS Management Console.
Note: The above steps may vary slightly based on the AWS Management Console version or any UI updates. Please refer to the AWS documentation or contact AWS support for specific instructions relevant to your environment.
By adhering to this rule, you ensure that your ELBs are only using SSL or HTTPS listeners as required by the FedRAMP Moderate Revision 4 standards. This enhances the security and confidentiality of your data by encrypting the communication between clients and the load balancer.