
Enable Logging for ELB Application and Classic Load Balancer Rule

This rule checks that access logging is enabled on Application and Classic Load Balancers so that the requests they handle can be monitored, investigated and audited.

Rule: ELB application and classic load balancer logging should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description

ELB (Elastic Load Balancing) access logging should be enabled on Application and Classic Load Balancers to satisfy the audit logging controls of the NIST (National Institute of Standards and Technology) 800-53 Revision 5 framework. Access logs record every request the load balancer handles, including the client IP address and port, the request line, the status codes returned by the load balancer and by the target, request and response latencies, and for TLS listeners the negotiated protocol and cipher, and deliver them as files to an S3 bucket. Without them there is no per-request record for spotting abuse, reconstructing an incident or evidencing compliance.

Troubleshooting Steps

If load balancer logging is not enabled, or enabling it fails, work through these checks:

  1. Verify Load Balancer Configuration: Confirm the load balancer exists, note whether it is an Application Load Balancer (managed through the elbv2 API and addressed by ARN) or a Classic Load Balancer (managed through the elb API and addressed by name), and confirm the AWS region and profile your CLI session is using.
  2. Check Access Permissions: Verify that your IAM (Identity and Access Management) principal is allowed to call elasticloadbalancing:ModifyLoadBalancerAttributes and elasticloadbalancing:DescribeLoadBalancerAttributes on the target load balancers.
  3. Review Log Storage: Ensure an S3 bucket exists in the same region as the load balancer and that its bucket policy allows the Elastic Load Balancing service to put objects under the log prefix. Without that policy the attribute change is rejected with an access-denied error for the bucket. Application Load Balancer logs can only be delivered to buckets encrypted with SSE-S3, not SSE-KMS.
  4. Confirm Logging Settings: Read the load balancer's attributes back and validate that access logging is enabled and points at the intended bucket and prefix.

Necessary Codes

To enable access logging on an Application Load Balancer, use the elbv2 API:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_ARN> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<s3_bucket_name>

Replace <load_balancer_ARN> with the ARN (Amazon Resource Name) of the load balancer and <s3_bucket_name> with the name of the S3 bucket where the logs will be stored. An optional access_logs.s3.prefix attribute places the logs under a prefix inside the bucket. This command applies only to Application Load Balancers; Classic Load Balancers are configured through the separate aws elb modify-load-balancer-attributes command, which takes the load balancer name and an AccessLog attribute rather than Key/Value pairs. In both cases the bucket policy must already grant the Elastic Load Balancing service write access, or the call fails.

Step-by-step Guide for Remediation

Follow the steps below to enable logging for ELB application and classic load balancers:

  1. Identify the Load Balancers: List the load balancers in scope and note the type of each, since Application Load Balancers are addressed by ARN through the elbv2 API and Classic Load Balancers by name through the elb API.
  2. Configure S3 Bucket: If you haven't already, create an S3 bucket in the same region as the load balancers, encrypted with SSE-S3, and attach a bucket policy that allows the Elastic Load Balancing service to put objects under the chosen prefix. Logging cannot be enabled until this policy is in place.
  3. Assign IAM Permissions: Ensure that your principal can call elasticloadbalancing:ModifyLoadBalancerAttributes and elasticloadbalancing:DescribeLoadBalancerAttributes.
  4. Enable Logging: For an Application Load Balancer, execute the following AWS CLI command, substituting the appropriate values:
    aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_ARN> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<s3_bucket_name>
    
    Note: Replace <load_balancer_ARN> with the ARN of the load balancer and <s3_bucket_name> with the name of the S3 bucket created in step 2. For a Classic Load Balancer, use aws elb modify-load-balancer-attributes with the load balancer name and an AccessLog attribute instead.
  5. Verify Logging Configuration: Read the attributes back to confirm the change was applied:
    aws elbv2 describe-load-balancer-attributes --load-balancer-arn <load_balancer_ARN>
    
    The response lists attributes as Key/Value objects whose values are strings; confirm it contains
    {"Key": "access_logs.s3.enabled", "Value": "true"}
    and
    {"Key": "access_logs.s3.bucket", "Value": "<s3_bucket_name>"}
    A successful attribute change does not by itself prove delivery: after a few minutes, also confirm that log objects are appearing under <prefix>/AWSLogs/<account_id>/elasticloadbalancing/<region>/ in the bucket.
  6. Repeat for other Load Balancers: If you have multiple load balancers that need logging enabled, repeat steps 4 and 5 for each one.

By following these steps, you will enable ELB application and classic load balancer logging to comply with NIST 800-53 Revision 5. The logs will now be stored in the configured S3 bucket, providing visibility into load balancer activities for security and compliance purposes.
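The remediation above as one script, added here as an example and not code from the original page or from Cloud Defense: it generates the bucket policy the load balancer needs, enables logging on an Application Load Balancer (elbv2 API) and on a Classic Load Balancer (elb API), and checks describe-load-balancer-attributes output offline against constructed sample responses. Bucket, prefix, account ids and the region-specific ELB service account id are placeholders; look the latter up in the AWS documentation for your region.

```shell
#!/bin/sh
# Added example, not code from the original page: helpers for the remediation
# above covering both load balancer types, plus offline checks that parse the
# JSON printed by describe-load-balancer-attributes.
# Assumptions: AWS CLI v2 is installed and credentialed when the aws-calling
# functions are used; bucket, prefix, account and region values are placeholders.

# Bucket policy the Elastic Load Balancing service needs before logging can be
# enabled. $1 = bucket, $2 = prefix, $3 = your account id, $4 = the regional ELB
# service account id from the AWS docs (it differs per region; regions opened
# after 2022 use the logdelivery.elasticloadbalancing.amazonaws.com principal).
elb_log_bucket_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::$4:root"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::$1/$2/AWSLogs/$3/*"
  }]
}
EOF
}

# Application Load Balancer (elbv2 API): attributes are Key/Value pairs.
# $1 = load balancer ARN, $2 = bucket, $3 = prefix
enable_alb_logging() {
  aws elbv2 modify-load-balancer-attributes \
    --load-balancer-arn "$1" \
    --attributes Key=access_logs.s3.enabled,Value=true \
                 Key=access_logs.s3.bucket,Value="$2" \
                 Key=access_logs.s3.prefix,Value="$3"
}

# Classic Load Balancer (elb API): a different command that takes an AccessLog
# object. EmitInterval must be 5 or 60 minutes. $1 = name, $2 = bucket, $3 = prefix
enable_clb_logging() {
  aws elb modify-load-balancer-attributes \
    --load-balancer-name "$1" \
    --load-balancer-attributes \
    "{\"AccessLog\":{\"Enabled\":true,\"S3BucketName\":\"$2\",\"S3BucketPrefix\":\"$3\",\"EmitInterval\":5}}"
}

# Offline checks over describe-load-balancer-attributes output. Whitespace is
# stripped first so the match does not depend on the CLI's pretty-printing.
# Return 0 only if logging is on AND points at the expected bucket ($2).
alb_logging_enabled() {
  flat=$(printf '%s' "$1" | tr -d ' \n\t')
  printf '%s' "$flat" | grep -q '"Key":"access_logs.s3.enabled","Value":"true"' &&
  printf '%s' "$flat" | grep -q "\"Key\":\"access_logs.s3.bucket\",\"Value\":\"$2\""
}
clb_logging_enabled() {
  # Isolate the AccessLog object so the "Enabled" of other attributes cannot match.
  acc=$(printf '%s' "$1" | tr -d ' \n\t' | sed -n 's/.*"AccessLog":{\([^}]*\)}.*/\1/p')
  printf '%s' "$acc" | grep -q '"Enabled":true' &&
  printf '%s' "$acc" | grep -q "\"S3BucketName\":\"$2\""
}

# Live wrappers: fetch the attributes and run the check. $1 = ARN or name, $2 = bucket
verify_alb() { alb_logging_enabled "$(aws elbv2 describe-load-balancer-attributes --load-balancer-arn "$1" --output json)" "$2"; }
verify_clb() { clb_logging_enabled "$(aws elb describe-load-balancer-attributes --load-balancer-name "$1" --output json)" "$2"; }

# Constructed sample outputs (not captured from a real account).
ALB_OK='{
    "Attributes": [
        {"Key": "access_logs.s3.enabled", "Value": "true"},
        {"Key": "access_logs.s3.bucket", "Value": "my-elb-logs"},
        {"Key": "access_logs.s3.prefix", "Value": "alb"},
        {"Key": "deletion_protection.enabled", "Value": "false"}
    ]
}'
ALB_OFF='{"Attributes":[{"Key":"access_logs.s3.enabled","Value":"false"},{"Key":"access_logs.s3.bucket","Value":""}]}'
CLB_OK='{"LoadBalancerAttributes":{"CrossZoneLoadBalancing":{"Enabled":true},"AccessLog":{"Enabled":true,"S3BucketName":"my-elb-logs","EmitInterval":5,"S3BucketPrefix":"clb"},"ConnectionDraining":{"Enabled":false,"Timeout":300}}}'
CLB_OFF='{"LoadBalancerAttributes":{"CrossZoneLoadBalancing":{"Enabled":true},"AccessLog":{"Enabled":false}}}'

alb_logging_enabled "$ALB_OK"  my-elb-logs && echo "ALB sample: compliant"
alb_logging_enabled "$ALB_OFF" my-elb-logs || echo "ALB sample: NOT compliant"
clb_logging_enabled "$CLB_OK"  my-elb-logs && echo "CLB sample: compliant"
clb_logging_enabled "$CLB_OFF" my-elb-logs || echo "CLB sample: NOT compliant"
```

Source the file and call the functions in order: write the policy to the bucket with aws s3api put-bucket-policy, then enable_alb_logging or enable_clb_logging, then verify_alb or verify_clb. The checks fail closed: a bucket mismatch is reported as non-compliant even when logging is switched on, which catches the case where logs are being sent to a bucket outside your control.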
