This rule ensures that ELB Application Load Balancers properly redirect HTTP requests to HTTPS for increased security.
Rule | ELB application load balancers should redirect HTTP requests to HTTPS |
Framework | HIPAA |
Severity | ✔ Medium |
Rule Description: The rule requires that all HTTP requests made to Elastic Load Balancer (ELB) application load balancers in a HIPAA-compliant environment be redirected to HTTPS. This ensures that sensitive healthcare data transmitted between clients and the load balancer is encrypted in transit.
Troubleshooting Steps:
Necessary Codes (AWS CLI):
aws elbv2 create-rule --listener-arn <listener_arn> --priority <priority_number> --conditions 'Field=host-header,Values=*' --actions 'Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,StatusCode=HTTP_301}'
Replace <listener_arn> with the ARN of the HTTPS listener and <priority_number> with an appropriate rule priority.
Step-by-Step Guide for Remediation:
Note: It is recommended to refer to the official AWS documentation for precise CLI commands and specific troubleshooting scenarios.
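An added example (not from the original page or from AWS) of an offline check for this rule: it reads listener and rule data shaped like the output of `aws elbv2 describe-listeners` and `aws elbv2 describe-rules` and lists every rule on an HTTP listener that does not redirect to HTTPS. The sample data and ARNs are constructed placeholders, and treating any non-redirecting rule on an HTTP listener as a finding is an assumed, strict reading of the rule.

```python
# Constructed sample shaped like `aws elbv2 describe-listeners` / `describe-rules`
# output; the ARNs are shortened placeholders, not real resources.
def _redir(proto):
    return {"Type": "redirect",
            "RedirectConfig": {"Protocol": proto, "Port": "443", "StatusCode": "HTTP_301"}}

FORWARD = {"Type": "forward", "TargetGroupArn": "arn:example:tg/app"}
LISTENERS = [
    {"ListenerArn": "arn:example:listener/a", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [_redir("HTTPS")]},
    {"ListenerArn": "arn:example:listener/b", "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [FORWARD]},
    {"ListenerArn": "arn:example:listener/c", "Protocol": "HTTP", "Port": 8080,
     "DefaultActions": [_redir("#{protocol}")]},
    {"ListenerArn": "arn:example:listener/d", "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [FORWARD]},
]
RULES = {  # describe-rules output per listener; the default rule is included
    "arn:example:listener/b": [
        {"Priority": "1", "IsDefault": False, "Actions": [_redir("HTTPS")]},
        {"Priority": "default", "IsDefault": True, "Actions": [FORWARD]},
    ],
}

def redirects_to_https(actions):
    """True when the actions contain a redirect whose target protocol is HTTPS."""
    redirect = next((a for a in actions if a.get("Type") == "redirect"), None)
    if redirect is None:
        return False
    # "#{protocol}" keeps the request's own scheme, so HTTP stays HTTP.
    return redirect.get("RedirectConfig", {}).get("Protocol") == "HTTPS"

def audit(listeners, rules_by_listener):
    """Return (listener_arn, rule_priority) for each non-redirecting rule on an HTTP listener."""
    findings = []
    for lst in listeners:
        if lst.get("Protocol") != "HTTP":
            continue  # HTTPS listeners already terminate TLS
        # Fall back to the listener's default action when no rule dump was collected.
        rules = rules_by_listener.get(lst["ListenerArn"]) or [
            {"Priority": "default", "Actions": lst.get("DefaultActions", [])}]
        for rule in rules:
            if not redirects_to_https(rule.get("Actions", [])):
                findings.append((lst["ListenerArn"], rule["Priority"]))
    return findings

if __name__ == "__main__":
    for arn, priority in audit(LISTENERS, RULES):
        print(f"NON_COMPLIANT {arn} rule={priority}")
```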