Rule: ELB Application and Network Load Balancers SSL Usage

This rule states that ELB application and network load balancers should only use SSL or HTTPS listeners.

Rule: ELB application and network load balancers should only use SSL or HTTPS listeners
Framework: GxP 21 CFR Part 11
Severity: High

Title: Rule Description and Remediation for GxP 21 CFR Part 11 Compliance with SSL/HTTPS Listeners for ELB Application and Network Load Balancers

Description: To ensure compliance with the GxP 21 CFR Part 11 regulations regarding the security of electronic records and digital signatures, it is required that Elastic Load Balancers (ELB) - both application and network load balancers - only use SSL or HTTPS listeners. This rule aims to protect sensitive information by encrypting communication between clients and the load balancers, thus preventing unauthorized access.

Troubleshooting Steps (if applicable): If non-HTTPS listeners are found on ELB application or network load balancers, follow the remediation steps outlined below to address the compliance violation.

Remediation Steps:

  1. Identify the load balancers:

    • Access the AWS Management Console or use AWS CLI commands to identify the ELB application and network load balancers associated with your application or infrastructure.

  2. Audit the listeners:

    • Review the configuration of each load balancer to identify any non-HTTPS listeners.
    • For the application load balancer, check the configuration of the "Listener" section.
    • For the network load balancer, check the configuration of "Listeners" in the "Actions" menu.

  3. Modify or delete non-compliant listeners:

    • For any load balancer with non-HTTPS listeners, modify them to use HTTPS or delete them if they are no longer needed.
    • To modify, select the non-compliant listener and choose "Edit", then update the configuration to use HTTPS.
    • To delete, select the non-compliant listener and choose "Delete".

  4. Create a new HTTPS listener (if necessary):

    • If there are no HTTPS listeners present or additional HTTPS listeners are required, follow these steps to create a new one:

      1. For application load balancer:

        • Select the "Listeners" tab, then click "Add listener".
        • Choose "HTTPS" protocol and provide the necessary SSL certificate details.
        • Configure the other settings as per your requirements.

      2. For network load balancer:

        • Select the load balancer and go to "Listeners" in the "Actions" menu.
        • Click "Add listener" and choose "HTTPS" protocol.
        • Provide the necessary SSL certificate details and configure other settings accordingly.

  5. Validate the configuration:

    • Once the updates are made, ensure that the load balancers are functioning as expected and the connections are established securely using SSL/HTTPS listeners.
    • Test your application or infrastructure to verify that the communication with the load balancers occurs over HTTPS only.

Note: Remember to retain appropriate documentation of SSL certificates, configurations, and any changes made to demonstrate compliance with GxP 21 CFR Part 11 regulations.

Code (if applicable): No specific code is required for this rule. The modifications and creation of HTTPS listeners are performed using the AWS Management Console or the AWS CLI with appropriate commands related to load balancers (e.g. "aws elbv2 create-listener").
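
One way to run the audit in step 2 against CLI output, as an added example that is not CloudDefense's or AWS's own code: it takes the `LoadBalancers` and `Listeners` arrays in the shape returned by `aws elbv2 describe-load-balancers` and `aws elbv2 describe-listeners` and reports every listener that is not HTTPS or TLS. Assumptions: TLS is counted as the SSL listener protocol for network load balancers, the redirect annotation is a triage hint rather than part of the rule, and all ARNs and names in the sample are constructed.

```python
# Encrypted listener protocols in the elbv2 API: HTTPS (ALB) and TLS (NLB).
ENCRYPTED = {"HTTPS", "TLS"}
IN_SCOPE = {"application", "network"}  # gateway load balancers are outside this rule

# Constructed sample data shaped like the "LoadBalancers" and "Listeners" arrays
# from the CLI. ARNs and names are placeholders, not real resources.
FWD = [{"Type": "forward"}]
SAMPLE_LBS = [
    {"LoadBalancerArn": "arn:example:alb-web", "LoadBalancerName": "web", "Type": "application"},
    {"LoadBalancerArn": "arn:example:nlb-api", "LoadBalancerName": "api", "Type": "network"},
    {"LoadBalancerArn": "arn:example:gwlb", "LoadBalancerName": "inspect", "Type": "gateway"},
]
SAMPLE_LISTENERS = [
    {"LoadBalancerArn": "arn:example:alb-web", "Port": 443, "Protocol": "HTTPS", "DefaultActions": FWD},
    {"LoadBalancerArn": "arn:example:alb-web", "Port": 80, "Protocol": "HTTP",
     "DefaultActions": [{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS"}}]},
    {"LoadBalancerArn": "arn:example:alb-web", "Port": 8080, "Protocol": "HTTP", "DefaultActions": FWD},
    {"LoadBalancerArn": "arn:example:nlb-api", "Port": 443, "Protocol": "TLS", "DefaultActions": FWD},
    {"LoadBalancerArn": "arn:example:nlb-api", "Port": 5432, "Protocol": "TCP", "DefaultActions": FWD},
    {"LoadBalancerArn": "arn:example:gwlb", "DefaultActions": FWD},  # no Protocol/Port
]


def redirects_to_https(listener):
    """True when every default action is a redirect whose target protocol is HTTPS."""
    actions = listener.get("DefaultActions", [])
    return bool(actions) and all(
        a.get("Type") == "redirect"
        and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
        for a in actions
    )


def audit(load_balancers, listeners):
    """Return one finding per non-SSL/HTTPS listener on an ALB or NLB."""
    in_scope = {lb["LoadBalancerArn"]: lb for lb in load_balancers if lb.get("Type") in IN_SCOPE}
    findings = []
    for lst in listeners:
        lb = in_scope.get(lst["LoadBalancerArn"])
        if lb is None or lst.get("Protocol") in ENCRYPTED:
            continue  # out of scope for the rule, or already compliant
        hint = "redirect-only" if redirects_to_https(lst) else "plaintext"
        findings.append((lb["LoadBalancerName"], lst["Port"], lst["Protocol"], hint))
    return sorted(findings)


if __name__ == "__main__":
    for name, port, proto, hint in audit(SAMPLE_LBS, SAMPLE_LISTENERS):
        print(f"NON_COMPLIANT {name}:{port} {proto} ({hint})")
```

Against a live account, load the two arrays from the JSON printed by the CLI commands named above instead of the sample constants; the printed lines can be kept with the change records mentioned in the note on documentation.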

Conclusion: By adhering to this rule that mandates the usage of SSL or HTTPS listeners for ELB application and network load balancers, you ensure compliance with GxP 21 CFR Part 11 regulations. This not only protects sensitive data but also reinforces the security of electronic records and digital signatures.
