
Rule for ELB Application Load Balancers Redirecting HTTP to HTTPS

This rule focuses on ensuring ELB application load balancers redirect HTTP requests to HTTPS.

Rule: ELB application load balancers should redirect HTTP requests to HTTPS
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description:

ELB (Elastic Load Balancer) application load balancers should redirect HTTP requests to HTTPS for compliance with NIST (National Institute of Standards and Technology) 800-171 Revision 2 requirements. This ensures that all HTTP traffic is automatically redirected to the more secure HTTPS protocol, providing encryption and enhanced security for data transmission.

Troubleshooting Steps (if required):

If you encounter any issues while implementing the HTTP to HTTPS redirection for ELB application load balancers, follow these troubleshooting steps:

  1. Verify the ELB configuration: Ensure that the ELB is properly configured and associated with the correct target groups, listeners, and rules.

  2. SSL certificate configuration: Confirm that the SSL certificate is correctly installed and associated with the ELB listener. Check for any certificate-related errors, such as expiry or incorrect installation.

  3. Security Group settings: Review the security group settings for the ELB and associated instances. Ensure that the necessary inbound and outbound rules are configured to allow traffic on the appropriate ports (HTTP and HTTPS).

  4. Health check configuration: Check the health check settings for the target group associated with the ELB. Ensure that the health check protocol and port are correctly configured to match the listener and instance settings.

Necessary Code (if applicable):

Here is an example of the AWS CLI command to create a redirect rule for ELB application load balancers:

# The --actions value is quoted so the shell does not brace-expand it; Path keeps its leading "/".
aws elbv2 create-rule --listener-arn <listener_arn> --priority <rule_priority> --conditions Field=path-pattern,Values='/*' --actions 'Type=redirect,RedirectConfig={Protocol=HTTPS,Port=443,Host="#{host}",Path="/#{path}",Query="#{query}",StatusCode=HTTP_301}'

Please note that you need to replace <listener_arn> with the ARN (Amazon Resource Name) of your ELB listener, and <rule_priority> with the desired priority for the redirect rule.

Step-by-Step Guide for Remediation:

Follow these steps to redirect HTTP requests to HTTPS for ELB application load balancers:

  1. Identify the ELB application load balancer: Determine the ELB that requires HTTP to HTTPS redirection. Note down the associated listener ARN.

  2. Configure the redirect rule: Use the AWS CLI or AWS Management Console to create a redirect rule for the ELB listener. Set the redirect protocol to HTTPS, specify the port as 443, and configure any desired hostname, path, or query string modifications.

  3. Associate the redirect rule: Attach the redirect rule to the appropriate listener using the listener ARN.

  4. Test the redirection: Verify that HTTP requests to the ELB now get automatically redirected to HTTPS. Test the redirection for different URLs, ensuring that the redirection works as expected.

  5. Monitor and troubleshoot: Monitor the ELB and associated instances for any errors or issues. If needed, refer to the troubleshooting steps mentioned earlier to resolve any problems encountered.

By following these steps, you can successfully enable HTTP to HTTPS redirection on your ELB application load balancers, aligning with the NIST 800-171 Revision 2 requirements for enhanced security.
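To confirm the remediation took effect, the rules on an HTTP listener can be evaluated in priority order. The following is an added example, not code from the original page: it assumes input in the shape of `aws elbv2 describe-rules` output, uses constructed sample rule sets, and treats any non-redirect action reachable before a catch-all HTTPS redirect as a finding.

```python
# Added example: field names follow `aws elbv2 describe-rules` output;
# the rule sets below are constructed samples, not real resources.

def is_https_redirect(action):
    cfg = action.get("RedirectConfig", {})
    return action.get("Type") == "redirect" and cfg.get("Protocol") == "HTTPS"

def is_catch_all(rule):
    """Default rule, or a single path-pattern condition matching every path."""
    if rule.get("IsDefault"):
        return True
    conds = rule.get("Conditions", [])
    return (len(conds) == 1 and conds[0].get("Field") == "path-pattern"
            and any(v in ("/*", "*") for v in conds[0].get("Values", [])))

def plaintext_rules(rules):
    """Priorities of rules on an HTTP listener that can still answer in cleartext.

    Rules are evaluated lowest priority number first, default last. Once a
    catch-all HTTPS redirect is reached, later rules are unreachable.
    Assumption: any non-redirect action (forward, fixed-response) is a finding.
    """
    def order(rule):
        return float("inf") if rule["Priority"] == "default" else int(rule["Priority"])
    findings = []
    for rule in sorted(rules, key=order):
        if not any(is_https_redirect(a) for a in rule.get("Actions", [])):
            findings.append(rule["Priority"])
        elif is_catch_all(rule):
            break
    return findings

def rule(priority, action_type, path=None, protocol=None):
    """Build a constructed rule in describe-rules shape (hypothetical helper)."""
    action = {"Type": action_type}
    if action_type == "redirect":
        action["RedirectConfig"] = {"Protocol": protocol, "Port": "443", "StatusCode": "HTTP_301"}
    conds = [{"Field": "path-pattern", "Values": [path]}] if path else []
    return {"Priority": priority, "IsDefault": priority == "default",
            "Conditions": conds, "Actions": [action]}

REMEDIATED = [rule("default", "forward"), rule("1", "redirect", "/*", "HTTPS")]
SHADOWED = [rule("1", "forward", "/health"), rule("2", "redirect", "/*", "HTTPS"),
            rule("default", "forward")]
UNPROTECTED = [rule("default", "forward")]

if __name__ == "__main__":
    for name, rules in [("remediated", REMEDIATED), ("shadowed", SHADOWED),
                        ("unprotected", UNPROTECTED)]:
        print(name, plaintext_rules(rules) or "compliant")
```

The `SHADOWED` case shows why rule priority matters: a forward rule with a lower priority number than the redirect rule keeps serving its path over HTTP.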
