Rule: ELB Application and Classic Load Balancer Logging Should Be Enabled

This rule ensures that ELB application and classic load balancer logging is enabled for security purposes.

Rule: ELB application and classic load balancer logging should be enabled
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Description:

The rule requires enabling logging for both ELB (Elastic Load Balancer) application load balancers and classic load balancers in order to comply with the NIST Cybersecurity Framework (CSF) v1. This logging provides crucial information for monitoring and auditing load balancer activity, which is essential for maintaining an effective security posture.

Troubleshooting Steps (if any):

  1. Verify that you have the necessary permissions to enable logging for the ELB application and classic load balancer.
  2. Check if the ELB application and classic load balancer are properly configured and functioning.

Necessary Codes (if any):

No specific code is required to enable logging. The following steps describe the configuration process.

Step-by-Step Guide for Remediation:

Enabling Logging for ELB Application Load Balancer:

  1. Open the AWS Management Console and navigate to the EC2 (Elastic Compute Cloud) service.
  2. Select the desired region where the ELB application load balancer is deployed.
  3. Click on the "Load Balancers" link in the left-hand menu.
  4. Identify the ELB application load balancer for which you want to enable logging.
  5. Select the load balancer and click on the "Listeners" tab.
  6. Navigate to the listener configuration where you want to enable logging.
  7. Click on the "View/edit logs" button next to the selected listener.
  8. In the "Log configuration" section, choose "Enable Access Logs".
  9. Specify the S3 bucket (existing or create a new one) where you want to store the access logs.
  10. Define the log file prefix if required.
  11. Choose the desired logging settings such as the interval, if the logging should roll over, and the format of the log entries.
  12. Click on "Save" to enable the logging for the ELB application load balancer.

Enabling Logging for Classic Load Balancer:

  1. Open the AWS Management Console and navigate to the EC2 (Elastic Compute Cloud) service.
  2. Select the desired region where the classic load balancer is deployed.
  3. Click on the "Load Balancers" link in the left-hand menu.
  4. Identify the classic load balancer for which you want to enable logging.
  5. Select the load balancer and click on the "Attributes" tab.
  6. Scroll down to the "Access Logs" section and click on the "Edit" button.
  7. Enable the logging by choosing "Enabled" from the dropdown menu.
  8. Specify the S3 bucket (existing or create a new one) where you want to store the access logs.
  9. Define the log file prefix if required.
  10. Choose the desired logging settings such as the interval, if the logging should roll over, and the format of the log entries.
  11. Click on "Save" to enable the logging for the classic load balancer.
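
To confirm the outcome of the steps above for every load balancer in a region, the following added example (not part of the original page or of CloudDefense's product) evaluates this rule from the attribute data the ELB APIs return. The function names and the sample bucket and load balancer names are assumptions; `audit_region` needs boto3 and AWS credentials, while the sample responses are constructed so the check logic runs offline.

```python
# Added example (not CloudDefense code): evaluate this rule from ELB attribute data.

def _finding(lb_id, lb_type, enabled, bucket):
    if enabled and bucket:
        return {"id": lb_id, "type": lb_type, "status": "PASS", "reason": f"logs go to s3://{bucket}"}
    reason = "enabled but no S3 bucket set" if enabled else "access logging disabled"
    return {"id": lb_id, "type": lb_type, "status": "FAIL", "reason": reason}

def alb_finding(arn, attributes):
    """attributes: 'Attributes' list from elbv2 describe_load_balancer_attributes."""
    attrs = {a["Key"]: a["Value"] for a in attributes}
    enabled = attrs.get("access_logs.s3.enabled", "false").lower() == "true"
    return _finding(arn, "application", enabled, attrs.get("access_logs.s3.bucket", ""))

def classic_finding(name, lb_attributes):
    """lb_attributes: 'LoadBalancerAttributes' dict from elb describe_load_balancer_attributes."""
    log = lb_attributes.get("AccessLog", {})
    return _finding(name, "classic", bool(log.get("Enabled")), log.get("S3BucketName", ""))

def audit_region(region):
    """Live check of one region; needs boto3 and read-only ELB describe permissions."""
    import boto3  # imported here so the offline sample below runs without it
    findings = []
    v2 = boto3.client("elbv2", region_name=region)
    for page in v2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            if lb["Type"] == "application":  # skip network and gateway load balancers
                arn = lb["LoadBalancerArn"]
                attrs = v2.describe_load_balancer_attributes(LoadBalancerArn=arn)
                findings.append(alb_finding(arn, attrs["Attributes"]))
    v1 = boto3.client("elb", region_name=region)
    for page in v1.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancerDescriptions"]:
            name = lb["LoadBalancerName"]
            attrs = v1.describe_load_balancer_attributes(LoadBalancerName=name)
            findings.append(classic_finding(name, attrs["LoadBalancerAttributes"]))
    return findings

# Constructed sample responses (placeholder names, not real resources).
SAMPLE_ALB = [{"Key": "access_logs.s3.enabled", "Value": "true"},
              {"Key": "access_logs.s3.bucket", "Value": "example-elb-logs"},
              {"Key": "access_logs.s3.prefix", "Value": "alb"}]
SAMPLE_CLASSIC = {"AccessLog": {"Enabled": False}}

if __name__ == "__main__":
    print(alb_finding("example-alb-arn", SAMPLE_ALB))
    print(classic_finding("example-classic-lb", SAMPLE_CLASSIC))
```

Any `FAIL` entry returned by `audit_region` identifies a load balancer that still needs the remediation steps above.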

Conclusion:

Enabling logging for both the ELB application load balancer and the classic load balancer is an important security measure for meeting the compliance requirements of the NIST Cybersecurity Framework (CSF) v1. Following the step-by-step guide provided above will ensure that logging is correctly configured, allowing for monitoring and auditing of load balancer activities.
