Rule: ELB Application Load Balancer Deletion Protection Enabled

This rule ensures that deletion protection is enabled for ELB application load balancers.

Rule: ELB application load balancer deletion protection should be enabled
Framework: NIST 800-53 Revision 4
Severity: High

Description of the Rule

The rule requires that deletion protection be enabled for ELB (Elastic Load Balancer) application load balancers. It is a compliance requirement under NIST 800-53 Revision 4. The rule is meant to ensure that ELB load balancers are protected from accidental or unauthorized deletion, thus maintaining the stability and availability of applications.

Troubleshooting Steps

If deletion protection is not enabled for an ELB application load balancer, you may encounter the following issues:

  1. Unintentional Deletion: Without deletion protection, an ELB load balancer can be deleted accidentally, resulting in the disruption of application traffic and potential downtime.
  2. Unauthorized Deletion: Without protection, an attacker or unauthorized user could maliciously delete the load balancer, causing significant harm to the application infrastructure.

To troubleshoot and enforce deletion protection, follow the remediation steps outlined below.

Remediation Steps

To enable deletion protection for an ELB application load balancer and ensure compliance with NIST 800-53 Revision 4, follow the step-by-step guide provided below:

  1. Log in to the AWS Management Console.
  2. Navigate to the EC2 service.
  3. From the EC2 Dashboard, click on "Load Balancers" in the left-hand menu.
  4. Identify the ELB application load balancer for which deletion protection should be enabled.
  5. Select the load balancer by clicking on its name.
  6. In the "Attributes" tab of the load balancer details page, locate the "Deletion Protection" section.
  7. If the deletion protection is already enabled, no further action is required. If not, click on the "Edit" button.
  8. From the "Edit attributes" dialog box, check the box next to "Enable deletion protection".
  9. Click on the "Save" button to apply the changes.
  10. The deletion protection is now enabled for the ELB application load balancer, ensuring compliance with NIST 800-53 Revision 4.

Verification

To verify that deletion protection is successfully enabled for the ELB application load balancer, follow the steps below:

  1. In the AWS Management Console, navigate to the EC2 service.
  2. Click on "Load Balancers" in the left-hand menu.
  3. Find the load balancer for which deletion protection was enabled.
  4. Check the "Deletion Protection" column. It should display "Enabled" for the load balancer.

If the deletion protection status shows as "Enabled," it confirms that the ELB application load balancer is protected from accidental or unauthorized deletion, meeting the requirements of NIST 800-53 Revision 4.
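
The console remediation and verification steps above can also be run as a script over every application load balancer in a region. This is an added example, not Cloud Defense's own code: it assumes boto3 and configured AWS credentials, and the function names and the `--fix` flag are this example's own.

```python
"""Audit (and optionally fix) deletion protection on Application Load Balancers."""

ATTR = "deletion_protection.enabled"  # ELBv2 load balancer attribute key


def deletion_protection_enabled(elbv2, arn):
    """Return True if the load balancer at `arn` has deletion protection on."""
    attrs = elbv2.describe_load_balancer_attributes(LoadBalancerArn=arn)["Attributes"]
    return any(a["Key"] == ATTR and a["Value"] == "true" for a in attrs)


def audit_albs(elbv2, remediate=False):
    """Check every ALB visible to `elbv2`; return {arn: status}.

    status is "compliant", "noncompliant", or "remediated" (enabled and re-verified).
    """
    results = {}
    pages = elbv2.get_paginator("describe_load_balancers").paginate()
    for page in pages:
        for lb in page["LoadBalancers"]:
            if lb.get("Type") != "application":  # the rule covers ALBs only
                continue
            arn = lb["LoadBalancerArn"]
            if deletion_protection_enabled(elbv2, arn):
                results[arn] = "compliant"
                continue
            results[arn] = "noncompliant"
            if remediate:
                elbv2.modify_load_balancer_attributes(
                    LoadBalancerArn=arn,
                    Attributes=[{"Key": ATTR, "Value": "true"}],
                )
                # Verification step: re-read the attribute instead of trusting the call.
                if deletion_protection_enabled(elbv2, arn):
                    results[arn] = "remediated"
    return results


if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed, AWS credentials and region configured

    # "--fix" is this example's own (hypothetical) flag; without it the run is read-only.
    report = audit_albs(boto3.client("elbv2"), remediate="--fix" in sys.argv)
    for arn, status in sorted(report.items()):
        print(f"{status:13} {arn}")
    # Non-zero exit while anything is still unprotected, for use in CI or cron.
    sys.exit(1 if "noncompliant" in report.values() else 0)
```

The read-only mode needs `elasticloadbalancing:DescribeLoadBalancers` and `elasticloadbalancing:DescribeLoadBalancerAttributes`; remediation additionally needs `elasticloadbalancing:ModifyLoadBalancerAttributes`.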
