This rule ensures logging is enabled for ELB Application and Classic load balancers.
| Field | Value |
|---|---|
| Rule | ELB application and classic load balancer logging should be enabled |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ High |
Enable ELB Load Balancer Logging for NIST Cybersecurity Framework (CSF) v1
Description:
Enabling logging for ELB (Elastic Load Balancer) plays a vital role in adhering to the NIST Cybersecurity Framework (CSF) v1. By enabling this feature, you ensure that necessary logs containing valuable information about client requests and responses are recorded. These logs are essential for security analysis, monitoring, and auditing purposes.
Troubleshooting Steps (if applicable):
Necessary Codes (if applicable):
aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<s3_bucket_name> Key=access_logs.s3.prefix,Value=<s3_bucket_prefix>
aws elb modify-load-balancer-attributes --load-balancer-name <load_balancer_name> --load-balancer-attributes "AccessLog={Enabled=true,S3BucketName=<s3_bucket_name>,EmitInterval=60,S3BucketPrefix=<s3_bucket_prefix>}"
Step-by-Step Guide for Remediation:
Log in to your AWS Management Console.
Go to the EC2 Dashboard and select the Load Balancers tab.
Identify the Load Balancer (Application or Classic) for which you want to enable logging.
For Application Load Balancer:
For Classic Load Balancer:
Open the AWS CLI or use AWS CLI from your terminal.
Run the necessary command relevant to your Load Balancer type as mentioned above, replacing the placeholders ("<load_balancer_arn>", "<load_balancer_name>", "<s3_bucket_name>", "<s3_bucket_prefix>") with the appropriate values.
For example, for an Application Load Balancer, the command would look like:
aws elbv2 modify-load-balancer-attributes --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188 --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=my-logs-bucket Key=access_logs.s3.prefix,Value=mylogs-prefix
And for a Classic Load Balancer, the command would look like:
aws elb modify-load-balancer-attributes --load-balancer-name my-load-balancer --load-balancer-attributes "AccessLog={Enabled=true,S3BucketName=my-logs-bucket,EmitInterval=60,S3BucketPrefix=mylogs-prefix}"
Execute the command and wait for it to complete successfully.
Verify the updated settings by going back to the Load Balancer details page and checking the logging status.
Repeat the process for any other relevant Load Balancers to ensure compliance with NIST CSF v1.
Note: Ensure that an S3 bucket already exists for storing the ELB logs and that its bucket policy allows Elastic Load Balancing to write to it; otherwise the modify command fails with an access error for the bucket. Adjust the bucket name and prefix values according to your environment.
By following these steps, you will successfully enable ELB application and classic load balancer logging, aligning with the requirements of the NIST Cybersecurity Framework (CSF) v1.
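The verification step above checks one load balancer at a time in the console. The following script is an added example (not part of the original page) that evaluates this rule across many load balancers at once. The two evaluation functions take the response shapes of the AWS DescribeLoadBalancerAttributes APIs (elbv2 returns a list of Key/Value pairs with string values; Classic ELB returns a nested AccessLog structure with a real boolean), and `fetch_live_findings()` is a hypothetical helper that feeds them from boto3 when credentials are available. The sample responses are constructed for the demonstration, not taken from a real account.

```python
"""Compliance check for the rule above: are ALB and Classic ELB access logs enabled?

Added example, not code from the original page. Evaluation works on the
response shapes of DescribeLoadBalancerAttributes so it can run offline on the
constructed samples below; fetch_live_findings() (hypothetical) wires the same
logic to boto3.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    name: str
    lb_type: str      # "application" or "classic"
    compliant: bool
    reason: str


def alb_logging_enabled(attributes: list) -> tuple:
    """Evaluate an elbv2 'Attributes' list (Key/Value pairs, values are strings).

    Logging counts as enabled only when the flag is on AND a bucket is set;
    a flag without a destination would silently deliver nothing.
    """
    values = {a["Key"]: a["Value"] for a in attributes}
    enabled = values.get("access_logs.s3.enabled", "false").lower() == "true"
    bucket = values.get("access_logs.s3.bucket", "")
    if not enabled:
        return False, "access_logs.s3.enabled is not true"
    if not bucket:
        return False, "access logging enabled but no S3 bucket configured"
    prefix = values.get("access_logs.s3.prefix", "")
    return True, f"access logs delivered to s3://{bucket}/{prefix}"


def classic_logging_enabled(lb_attributes: dict) -> tuple:
    """Evaluate the 'LoadBalancerAttributes' dict of a Classic ELB."""
    access_log = lb_attributes.get("AccessLog", {})
    if not access_log.get("Enabled", False):
        return False, "AccessLog.Enabled is false"
    bucket = access_log.get("S3BucketName", "")
    if not bucket:
        return False, "AccessLog enabled but S3BucketName is empty"
    return True, f"access logs delivered to s3://{bucket}/{access_log.get('S3BucketPrefix', '')}"


def evaluate(albs: dict, classics: dict) -> list:
    """albs: {name: Attributes list}; classics: {name: LoadBalancerAttributes dict}."""
    findings = []
    for name, attrs in albs.items():
        ok, why = alb_logging_enabled(attrs)
        findings.append(Finding(name, "application", ok, why))
    for name, attrs in classics.items():
        ok, why = classic_logging_enabled(attrs)
        findings.append(Finding(name, "classic", ok, why))
    return findings


def noncompliant(findings: list) -> list:
    """Names of load balancers that fail the rule, sorted for stable reporting."""
    return sorted(f.name for f in findings if not f.compliant)


# Constructed sample responses (no real infrastructure behind these names).
SAMPLE_ALBS = {
    "web-alb": [
        {"Key": "access_logs.s3.enabled", "Value": "true"},
        {"Key": "access_logs.s3.bucket", "Value": "my-logs-bucket"},
        {"Key": "access_logs.s3.prefix", "Value": "mylogs-prefix"},
    ],
    "api-alb": [
        {"Key": "access_logs.s3.enabled", "Value": "false"},
        {"Key": "access_logs.s3.bucket", "Value": ""},
    ],
}
SAMPLE_CLASSICS = {
    "legacy-elb": {"AccessLog": {"Enabled": False}},
    "intranet-elb": {"AccessLog": {"Enabled": True, "S3BucketName": "my-logs-bucket",
                                   "EmitInterval": 60, "S3BucketPrefix": "mylogs-prefix"}},
}


def fetch_live_findings(region_name: str = "us-east-1") -> list:
    """Hypothetical helper: collect the same inputs from a real account with boto3.

    Only Type == "application" elbv2 load balancers are checked, since the
    rule covers Application and Classic load balancers, not Network/Gateway.
    """
    import boto3  # imported lazily; not needed for the offline sample run
    elbv2 = boto3.client("elbv2", region_name=region_name)
    elb = boto3.client("elb", region_name=region_name)
    albs = {}
    for lb in elbv2.describe_load_balancers()["LoadBalancers"]:
        if lb["Type"] != "application":
            continue
        resp = elbv2.describe_load_balancer_attributes(LoadBalancerArn=lb["LoadBalancerArn"])
        albs[lb["LoadBalancerName"]] = resp["Attributes"]
    classics = {}
    for lb in elb.describe_load_balancers()["LoadBalancerDescriptions"]:
        resp = elb.describe_load_balancer_attributes(LoadBalancerName=lb["LoadBalancerName"])
        classics[lb["LoadBalancerName"]] = resp["LoadBalancerAttributes"]
    return evaluate(albs, classics)


if __name__ == "__main__":
    for f in evaluate(SAMPLE_ALBS, SAMPLE_CLASSICS):
        print(f"{'PASS' if f.compliant else 'FAIL'} {f.lb_type:<11} {f.name}: {f.reason}")
```

Running the script on the samples reports `api-alb` and `legacy-elb` as failing; those are the load balancers that would need the remediation commands above. Accounts with more than one page of load balancers should use the boto3 paginators for `describe_load_balancers`.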