This rule focuses on enabling deletion protection for ELB application load balancers to enhance security measures.
Rule | ELB application load balancer deletion protection should be enabled |
Framework | NIST 800-53 Revision 5 |
Severity | ✔ High |
Rule Description
The ELB (Elastic Load Balancer) Application Load Balancer deletion protection is a feature that prevents accidental deletion of load balancers in an AWS account. This rule requires the deletion protection to be enabled for the ELB Application Load Balancers to ensure compliance with NIST 800-53 Revision 5 security controls.
Enabling deletion protection ensures that critical load balancers cannot be deleted or modified inadvertently, protecting the availability and stability of the associated applications.
Troubleshooting Steps (if applicable)
No specific troubleshooting steps are required for this rule.
Necessary Codes (if applicable)
No specific codes are required for this rule.
Remediation Steps
To enable deletion protection for ELB Application Load Balancers, follow the steps below:
1. Open the AWS Management Console and navigate to the AWS EC2 service.
2. In the EC2 dashboard, click on "Load Balancers" in the navigation pane on the left side.
3. Select the desired Application Load Balancer from the list.
4. In the Load Balancer details page, click on the "Attributes" tab.
5. Locate the "Deletion protection" attribute.
6. If the attribute is not already enabled, click on the "Edit" button.
7. Check the box next to "Enable deletion protection" to enable this feature.
8. Click on the "Save" button to apply the changes.
By following the above steps, the deletion protection will be enabled for the selected ELB Application Load Balancer, ensuring compliance with NIST 800-53 Revision 5.
CLI Command Guide (if applicable)
To enable deletion protection for an ELB Application Load Balancer using AWS CLI, use the following command:
aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes "Key=deletion_protection.enabled,Value=true"
Replace <load_balancer_arn> with the ARN (Amazon Resource Name) of the ELB Application Load Balancer you want to enable deletion protection for.
Remember to ensure you have the necessary permissions to modify load balancer attributes using the AWS CLI.
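The command above handles one load balancer at a time. The script below is an added example, not part of the original rule text: it checks every Application Load Balancer in the configured region and, on request, enables deletion protection where it is off. It assumes the AWS CLI with credentials and a default region configured; the function names and the audit/fix arguments are illustrative.

```shell
#!/bin/sh
# Added example: audit (and optionally remediate) deletion protection on
# every Application Load Balancer in the current region.
# Assumption: the AWS CLI is installed and configured for the target account.

# Print the ARN of every load balancer whose type is "application".
list_alb_arns() {
  aws elbv2 describe-load-balancers \
    --query "LoadBalancers[?Type=='application'].LoadBalancerArn" \
    --output text
}

# Print the value ("true" or "false") of deletion_protection.enabled for $1.
deletion_protection_state() {
  aws elbv2 describe-load-balancer-attributes --load-balancer-arn "$1" \
    --query "Attributes[?Key=='deletion_protection.enabled'].Value" \
    --output text
}

# Report PASS/FAIL per ALB. With "--fix" as $1, enable protection where it
# is off. The body runs in a subshell so its variables stay local; the exit
# status is non-zero if any ALB is left non-compliant.
audit_albs() (
  mode="${1:-}"
  rc=0
  for arn in $(list_alb_arns); do   # ARNs contain no whitespace
    state="$(deletion_protection_state "$arn")"
    if [ "$state" = "true" ]; then
      echo "PASS $arn"
    elif [ "$mode" = "--fix" ]; then
      if aws elbv2 modify-load-balancer-attributes --load-balancer-arn "$arn" \
           --attributes "Key=deletion_protection.enabled,Value=true" >/dev/null
      then echo "FIXED $arn"
      else echo "ERROR $arn"; rc=1
      fi
    else
      echo "FAIL $arn"; rc=1
    fi
  done
  exit "$rc"
)

# Entry point when run as a script: "audit" reports only, "fix" remediates.
case "${1:-}" in
  audit) audit_albs ;;
  fix)   audit_albs --fix ;;
esac
```

Run it with `audit` first to see which load balancers fail the rule, then with `fix` once the list has been reviewed. The identity used needs the `elasticloadbalancing:DescribeLoadBalancers`, `elasticloadbalancing:DescribeLoadBalancerAttributes` and `elasticloadbalancing:ModifyLoadBalancerAttributes` permissions.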
Conclusion
Enabling deletion protection for ELB Application Load Balancers provides an additional layer of security and prevents accidental deletion or modification. By following the remediation steps, you can ensure compliance with NIST 800-53 Revision 5 requirements and protect the availability of your critical applications.