Rule: ELB Application Load Balancer Deletion Protection Enabled

Check if ELB application load balancer deletion protection is enabled to enhance security.

Rule: ELB application load balancer deletion protection should be enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: High

Rule Description:

The rule states that the deletion protection feature of an Application Load Balancer (ALB) in Elastic Load Balancing (ELB) should be enabled under the Federal Financial Institutions Examination Council (FFIEC) framework.

Details:

For organizations that fall under the jurisdiction of the Federal Financial Institutions Examination Council (FFIEC), it is essential to protect critical infrastructure components like Application Load Balancers (ALBs) from accidental deletion or removal. This rule mandates the inclusion of the deletion protection feature for ALBs to prevent any potential data loss or disruption of services.

When deletion protection is enabled, it adds a layer of protection by preventing the accidental deletion of ALB resources through the AWS Management Console, APIs, or CLI commands. This keeps the ALB operational and mitigates the risk of unintentional deletion, reducing the likelihood of service interruptions.

Troubleshooting Steps:

If deletion protection is not enabled for an ALB associated with an organization governed by the FFIEC, follow the steps below to troubleshoot and enable it:

  1. Log in to the AWS Management Console.
  2. Go to the EC2 Dashboard.
  3. Click on "Load Balancers" in the left sidebar.
  4. Select the specific ALB associated with the FFIEC organization.
  5. In the "Attributes" tab, check if the deletion protection is already enabled. If it is, no further action is required.
  6. If deletion protection is not enabled, click on the "Modify Attributes" button.
  7. In the "Modify Attributes" window, locate the "Deletion Protection" option and enable it by selecting the checkbox.
  8. Click on the "Save" button to apply the changes.
  9. Make sure to review and validate that the deletion protection has been successfully enabled.

Necessary Code:

There is no specific code required to enable deletion protection for an ALB. It can be done through the AWS Management Console, as described in the troubleshooting steps above, or through CLI commands, as described in the remediation steps below.

Remediation Steps:

To enable deletion protection for an ALB associated with an FFIEC organization, follow the steps below using the AWS Command Line Interface (CLI):

  1. Install and set up the AWS CLI, if not already installed.
  2. Open a terminal or command prompt.
  3. Run the following command to enable deletion protection for the ALB:

     aws elbv2 modify-load-balancer-attributes --load-balancer-arn <ALB_ARN> --attributes Key=deletion_protection.enabled,Value=true

     Make sure to replace <ALB_ARN> with the actual ARN (Amazon Resource Name) of the ALB.
  4. Once the command executes successfully, deletion protection will be enabled for the ALB associated with the FFIEC organization.

It is crucial to recheck and validate that deletion protection has been properly enabled by following the troubleshooting steps mentioned above.
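
The attribute check and the CLI remediation above, combined into a per-region audit. This is an added example, not code from the original page or from AWS; the function names, the PASS/FIXED/FAIL labels and the FIX variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit all ALBs in one region for deletion protection.
# Function names, output labels and the FIX variable are this example's own.

# Print one ARN per line for load balancers of type "application".
list_alb_arns() {
  _out=$(aws elbv2 describe-load-balancers --region "$1" \
    --query "LoadBalancers[?Type=='application'].LoadBalancerArn" \
    --output text) || return 1
  printf '%s\n' "$_out" | tr '\t' '\n' | sed '/^$/d'
}

# Print the deletion_protection.enabled value ("true"/"false") for one ALB.
deletion_protection_state() {
  aws elbv2 describe-load-balancer-attributes --region "$1" \
    --load-balancer-arn "$2" \
    --query "Attributes[?Key=='deletion_protection.enabled'].Value | [0]" \
    --output text
}

# Returns 0 if every ALB is protected, 1 if any is not, 2 if listing failed
# (a failed listing must not be mistaken for "no unprotected ALBs").
# With FIX=1, unprotected ALBs are remediated using the page's modify command.
audit_region() {
  region=$1
  failed=0
  arns=$(list_alb_arns "$region") || {
    echo "ERROR cannot list load balancers in $region" >&2
    return 2
  }
  for arn in $arns; do   # ARNs contain no whitespace, so word splitting is safe
    state=$(deletion_protection_state "$region" "$arn") || state=unknown
    if [ "$state" = "true" ]; then
      echo "PASS $arn"
    elif [ "${FIX:-0}" = "1" ] && aws elbv2 modify-load-balancer-attributes \
        --region "$region" --load-balancer-arn "$arn" \
        --attributes Key=deletion_protection.enabled,Value=true >/dev/null; then
      echo "FIXED $arn"
    else
      echo "FAIL $arn deletion_protection.enabled=$state"
      failed=1
    fi
  done
  return "$failed"
}
```

Source the file and call audit_region with a region name; the non-zero exit status on any FAIL line makes it usable as a scheduled compliance check.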
