Rule: ELB Application and Classic Load Balancer Logging Should Be Enabled

This rule ensures that logging is enabled on ELB application and classic load balancers as a cybersecurity control.

Rule: ELB application and classic load balancer logging should be enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: High

Rule Description

This rule requires logging to be enabled on ELB (Elastic Load Balancer) application and classic load balancers in order to comply with the Federal Financial Institutions Examination Council (FFIEC) regulations. Once logging is enabled, log files are generated and stored, providing important information and insights into the load balancer's activity. This helps in troubleshooting, monitoring, and auditing the load balancer's operations.

Troubleshooting Steps

  1. Check if the ELB and classic load balancer are already in use in your environment.

  2. Verify if the logging feature is currently enabled for the load balancers.

  3. Review the log files from the load balancer to ensure they contain the necessary information required by FFIEC.

Necessary Codes

No specific code needs to be generated for this rule, as it mainly involves enabling the logging feature for ELB application and classic load balancers.

Step-by-Step Guide for Remediation

Follow the steps below to remediate the issue and enable logging for ELB application and classic load balancer:

  1. Log in to the AWS Management Console or use AWS CLI with appropriate permissions.

  2. Identify the ELB and classic load balancer in your environment for which logging needs to be enabled.

  3. For ELB Application load balancer:

    • In the AWS Management Console, navigate to the EC2 service.
    • Click on "Load Balancers" in the left sidebar.
    • Select the ELB Application load balancer you want to enable logging for.
    • In the "Description" tab, click on "Edit attributes".
    • Scroll down to the "Access logs" section and enable the "Access logs" feature.
    • Choose the S3 bucket and specify a prefix if necessary, where the log files will be stored.
    • Configure the desired log file settings such as file format and retention duration.
    • Click on "Save" to enable logging for the ELB Application load balancer.

  4. For Classic Load Balancer:

    • In the AWS Management Console, navigate to the EC2 service.
    • Click on "Load Balancers" in the left sidebar.
    • Select the Classic Load Balancer you want to enable logging for.
    • In the "Description" tab, click on "Enable access logs".
    • Choose the S3 bucket and specify a prefix if necessary, where the log files will be stored.
    • Configure the desired log file settings such as file format and retention duration.
    • Click on "Save" to enable logging for the Classic Load Balancer.

  5. Verify that the logging feature is enabled by checking the load balancer's configuration or by viewing the generated log files stored in the specified S3 bucket.

  6. Periodically review the log files to ensure they contain the required information as per FFIEC regulations.

By following these steps, you will successfully enable and configure logging for ELB application and classic load balancer, meeting the requirements set by FFIEC.
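
One way to automate the configuration check in step 5, as an added example that is not part of the original page or the vendor's own code: it evaluates the JSON returned by `aws elbv2 describe-load-balancer-attributes` (Application) and `aws elb describe-load-balancer-attributes` (Classic). The sample responses and bucket name are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: shape of `aws elbv2 describe-load-balancer-attributes` output (Application LB).
ALB_SAMPLE = json.loads("""
{"Attributes": [
  {"Key": "access_logs.s3.enabled", "Value": "true"},
  {"Key": "access_logs.s3.bucket", "Value": "example-elb-logs"},
  {"Key": "access_logs.s3.prefix", "Value": "alb/prod"},
  {"Key": "idle_timeout.timeout_seconds", "Value": "60"}
]}
""")

# Constructed sample: shape of `aws elb describe-load-balancer-attributes` output (Classic LB).
CLASSIC_SAMPLE = json.loads("""
{"LoadBalancerAttributes": {
  "AccessLog": {"Enabled": false},
  "CrossZoneLoadBalancing": {"Enabled": true}
}}
""")


def alb_access_logging(resp):
    """Return (compliant, reason) for an Application LB attribute response."""
    attrs = {a["Key"]: a.get("Value", "") for a in resp.get("Attributes", [])}
    # elbv2 attribute values are strings, so compare text, not booleans.
    if attrs.get("access_logs.s3.enabled", "false").lower() != "true":
        return False, "access_logs.s3.enabled is not true"
    if not attrs.get("access_logs.s3.bucket"):
        return False, "enabled but no S3 bucket configured"
    return True, "logging to s3://" + attrs["access_logs.s3.bucket"]


def classic_access_logging(resp):
    """Return (compliant, reason) for a Classic LB attribute response."""
    log = resp.get("LoadBalancerAttributes", {}).get("AccessLog", {})
    # The Classic API returns a real JSON boolean here.
    if log.get("Enabled") is not True:
        return False, "AccessLog.Enabled is not true"
    if not log.get("S3BucketName"):
        return False, "enabled but no S3 bucket configured"
    return True, "logging to s3://" + log["S3BucketName"]


if __name__ == "__main__":
    print("ALB:", alb_access_logging(ALB_SAMPLE))
    print("Classic:", classic_access_logging(CLASSIC_SAMPLE))
```

The two checks differ because the Application Load Balancer API reports attributes as string key/value pairs, while the Classic API nests a boolean under `AccessLog`.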
