Enable ELB Application and Classic Load Balancer Logging Rule

Ensure that logging is enabled for ELB application and classic load balancers.

Rule: ELB application and classic load balancer logging should be enabled
Framework: NIST 800-171 Revision 2
Severity: High

Rule Description

ELB (Elastic Load Balancer) access logging should be enabled for NIST 800-171 Revision 2 compliance. With access logs enabled, every request that passes through the load balancer is recorded, giving you the evidence needed for effective monitoring, auditing, and troubleshooting.

Troubleshooting steps

If ELB logging is not enabled or not functioning as expected, follow these troubleshooting steps:

1. Check Load Balancer Configuration: Verify that the load balancer is properly configured and associated with the appropriate instances. Ensure that the necessary ports are open and that the security groups and network ACLs are correctly configured.

2. Check IAM Roles: Confirm that the IAM role attached to the load balancer has the necessary permissions to write logs to the specified log destination. Check that the IAM role has been properly configured with the necessary policies.

3. Review CloudWatch Logs: Analyze the CloudWatch logs associated with the load balancer to identify any error messages or log delivery issues. Check the log group and log stream to ensure they are created and accepting log entries.

4. Verify Bucket Permissions: Ensure that the destination S3 bucket for the ELB logs has the correct permissions to receive and store log files. Check the bucket policy, access control lists (ACLs), and any other relevant configurations.

5. Check Logging Configuration: Double-check the load balancer configuration to ensure that logging is enabled and configured correctly. Verify that the log bucket and log prefix are specified accurately.

6. Review Firewall and Network Configurations: Examine the network architecture and firewall settings to confirm that they do not block the necessary communication between the load balancer and CloudWatch Logs. Check any network-level configurations related to outgoing traffic.

7. Check Log Delivery: Validate that log files are being delivered to the designated S3 bucket by examining the bucket contents. Ensure that log files are generated and uploaded on a regular basis.

Necessary Codes

To enable ELB logging for NIST 800-171 Revision 2 compliance, you can use the AWS Command Line Interface (CLI). The following command sets the access-log attributes through the elbv2 API (Application Load Balancers):

    aws elbv2 modify-load-balancer-attributes --load-balancer-arn <LOAD_BALANCER_ARN> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<S3_BUCKET_NAME> Key=access_logs.s3.prefix,Value=<S3_LOG_PREFIX>

Replace <LOAD_BALANCER_ARN> with the ARN of your load balancer, <S3_BUCKET_NAME> with the name of the S3 bucket where the logs will be stored, and <S3_LOG_PREFIX> with the desired prefix for log file names.
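The rule itself can be evaluated from the attribute payloads that the AWS APIs return. The following Python check is an added example, not Cloud Defense tooling: it decides compliance for both Application (elbv2, the access_logs.s3.* keys above) and Classic (elb, the AccessLog attribute) load balancers, and the sample payloads are constructed; audit_region assumes boto3 and credentials for the account being audited.

```python
"""Evaluate 'ELB access logging should be enabled' from AWS attribute payloads.
Added example, not Cloud Defense code; sample payloads below are constructed."""

def evaluate_elbv2(attributes):
    """attributes: the 'Attributes' Key/Value list for an ALB. Returns (ok, why)."""
    attrs = {a["Key"]: a["Value"] for a in attributes}
    if attrs.get("access_logs.s3.enabled", "false").lower() != "true":
        return (False, "access_logs.s3.enabled is not true")
    bucket = attrs.get("access_logs.s3.bucket", "")
    if not bucket:  # enabled=true with no bucket delivers nothing
        return (False, "access logging enabled but no S3 bucket configured")
    return (True, f"logs -> s3://{bucket}/{attrs.get('access_logs.s3.prefix', '')}")

def evaluate_classic(attributes):
    """attributes: the 'LoadBalancerAttributes' dict for a Classic ELB."""
    log = attributes.get("AccessLog", {})
    if not log.get("Enabled"):
        return (False, "AccessLog.Enabled is false")
    if not log.get("S3BucketName"):
        return (False, "AccessLog enabled but S3BucketName missing")
    dest = f"s3://{log['S3BucketName']}/{log.get('S3BucketPrefix', '')}"
    return (True, f"logs -> {dest} every {log.get('EmitInterval')} min")

# Constructed samples (not live data): a non-compliant ALB, a compliant CLB.
SAMPLE_ALB_ATTRS = [{"Key": "access_logs.s3.enabled", "Value": "false"},
                    {"Key": "access_logs.s3.bucket", "Value": ""},
                    {"Key": "access_logs.s3.prefix", "Value": ""}]
SAMPLE_CLB_ATTRS = {"AccessLog": {"Enabled": True, "EmitInterval": 60,
                                  "S3BucketName": "example-elb-logs",
                                  "S3BucketPrefix": "prod/clb"}}

def audit_region(region="us-east-1"):
    """Sweep every ALB and Classic ELB in one region (needs AWS credentials).
    boto3 is imported lazily so the pure checks above still run offline."""
    import boto3
    findings = []
    v2 = boto3.client("elbv2", region_name=region)
    for page in v2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            attrs = v2.describe_load_balancer_attributes(
                LoadBalancerArn=lb["LoadBalancerArn"])["Attributes"]
            findings.append((lb["LoadBalancerName"], *evaluate_elbv2(attrs)))
    clb = boto3.client("elb", region_name=region)
    for page in clb.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancerDescriptions"]:
            attrs = clb.describe_load_balancer_attributes(
                LoadBalancerName=lb["LoadBalancerName"])["LoadBalancerAttributes"]
            findings.append((lb["LoadBalancerName"], *evaluate_classic(attrs)))
    return findings
```

For Classic Load Balancers the equivalent remediation sets the AccessLog attribute with aws elb modify-load-balancer-attributes rather than the elbv2 command shown above.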

Step-by-step Guide for Remediation

To enable ELB logging for NIST 800-171 Revision 2 compliance, follow these steps:

1. Open the AWS Management Console and navigate to the EC2 service.

2. In the navigation pane, click on "Load Balancers" under the "LOAD BALANCING" section.

3. Select the desired load balancer from the list.

4. In the "Description" tab, locate the "Access logs" section and click on the "Edit" button.

5. In the "Configure access logs" window, toggle the "Enable access logs" option to "Yes".

6. Enter the name of the S3 bucket where you want the logs to be stored in the "S3 Bucket" field.

7. Optionally, specify a prefix for the log file names in the "S3 Prefix" field.

8. Click on the "Save" button to enable ELB logging.

9. Verify that logging is enabled by checking the "Access logs" section in the load balancer's "Description" tab. It should show that logging is enabled, along with the specified bucket name and prefix.

10. Monitor the S3 bucket to ensure log files are regularly delivered and stored.

By following these steps, you will successfully enable ELB logging for NIST 800-171 Revision 2 compliance.
