Rule: ELB Application Load Balancer Deletion Protection Enabled

This rule checks that deletion protection is enabled on ELB Application Load Balancers.

Rule: ELB application load balancer deletion protection should be enabled
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Enabling Deletion Protection for ELB Application Load Balancer in Compliance with NIST CSF v1

Enabling deletion protection for your AWS Elastic Load Balancing (ELB) Application Load Balancer is a measure to prevent accidental or unauthorized deletion, aligning with the NIST Cybersecurity Framework's recommendations to protect critical infrastructure.

Understanding Deletion Protection

What is Deletion Protection?

Deletion protection is a feature that prevents an Application Load Balancer from being deleted by users or services. It is an important safeguard to ensure the availability and integrity of load balancer resources.

Importance for NIST CSF Compliance

The National Institute of Standards and Technology (NIST) Cybersecurity Framework version 1 (CSF v1) encourages organizations to establish safeguards to ensure the delivery of critical services. By enabling deletion protection on your ELB Application Load Balancer, you comply with the Framework's intent to "protect" critical services.

Enabling Deletion Protection for AWS ELB Application Load Balancer

Please note that deletion protection cannot be enabled directly through the CLI during load balancer creation; it must be modified after the load balancer is created.

Step-by-Step Guide to Enable Deletion Protection using AWS Console:

  1. Log in to the AWS Management Console

    • Access the Elastic Load Balancing dashboard.

  2. Select the Load Balancer

    • Navigate to Load Balancers and choose the Application Load Balancer for which you want to enable deletion protection.

  3. Modify Attributes

    • Under the 'Attributes' section, click on 'Edit attributes'.

  4. Enable Deletion Protection

    • Check the 'Enable deletion protection' option.

  5. Save Changes

    • Click on 'Save' to apply the changes.

Step-by-Step Guide to Enable Deletion Protection using AWS CLI:

  1. Identify Load Balancer

    • Use the following AWS CLI command to list all load balancers and find the ARN for your Application Load Balancer:

      aws elbv2 describe-load-balancers --query 'LoadBalancers[*].{ID:LoadBalancerArn, Name:LoadBalancerName}'

  2. Enable Deletion Protection

    • Enable deletion protection by modifying the attributes of the load balancer using its ARN:

      aws elbv2 modify-load-balancer-attributes --load-balancer-arn <Your-Load-Balancer-ARN> --attributes Key=deletion_protection.enabled,Value=true

      Replace <Your-Load-Balancer-ARN> with the actual ARN of your load balancer.
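
To check the result across a whole region rather than one load balancer, the following added example (not part of the original page) reports every Application Load Balancer that still lacks deletion protection. The function names, the AWS variable and stub_aws with its constructed ARNs are assumptions made for the example; the two aws elbv2 describe calls it issues are read-only.

```sh
#!/bin/sh
# Added example (not from the original page): list Application Load Balancers
# in the current region that do not have deletion protection enabled.
AWS="${AWS:-aws}"   # CLI indirection so a stub can replace the real AWS CLI

# Constructed stub of the two CLI calls used below, for offline runs only.
stub_aws() {
  case "$2" in
    describe-load-balancers)
      printf '%s\t%s\n' "arn:constructed:alb/web" "arn:constructed:alb/api" ;;
    describe-load-balancer-attributes)
      case "$4" in
        arn:constructed:alb/web) echo true ;;
        *) echo false ;;
      esac ;;
  esac
}

# ARNs of load balancers whose Type is "application".
list_alb_arns() {
  "$AWS" elbv2 describe-load-balancers --output text \
    --query "LoadBalancers[?Type=='application'].LoadBalancerArn"
}

# Value of deletion_protection.enabled ("true" or "false") for one ARN.
deletion_protection_value() {
  "$AWS" elbv2 describe-load-balancer-attributes --load-balancer-arn "$1" \
    --output text \
    --query "Attributes[?Key=='deletion_protection.enabled'].Value | [0]"
}

# Prints each unprotected ARN. Returns 0 if all are protected, 1 if any is
# unprotected, 2 if an API call failed (never report "clean" on an error).
audit_deletion_protection() {
  audit_rc=0
  audit_arns=$(list_alb_arns) || return 2
  for audit_arn in $audit_arns; do
    audit_val=$(deletion_protection_value "$audit_arn") || return 2
    if [ "$audit_val" != "true" ]; then
      echo "$audit_arn"
      audit_rc=1
    fi
  done
  return "$audit_rc"
}

# Real account: sh audit.sh audit     Offline demo: AWS=stub_aws sh audit.sh audit
[ "${1:-}" != "audit" ] || audit_deletion_protection
```

The distinct exit code for API failures keeps a scheduled job from treating a permissions or network error as a clean result.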

Troubleshooting Potential Issues

  • Permission Errors: Ensure that your IAM user/role has the necessary permissions to modify load balancer attributes.

  • Incorrect ARN: Verify that you've provided the correct ARN of the Application Load Balancer you intend to protect.

  • CLI Command Failure: Double-check the CLI syntax and parameter values if you encounter command failures.

Remediation Steps: CLI Command Quick Reference

  • List Load Balancers:

    aws elbv2 describe-load-balancers --query 'LoadBalancers[*].{ID:LoadBalancerArn, Name:LoadBalancerName}'
    
  • Enable Deletion Protection:

    aws elbv2 modify-load-balancer-attributes --load-balancer-arn <Your-Load-Balancer-ARN> --attributes Key=deletion_protection.enabled,Value=true
    

By following these instructions, you can enable deletion protection for your ELB Application Load Balancer, contributing to your organization's compliance with NIST CSF v1 requirements. This proactive step in managing your AWS resources aligns with cybersecurity best practices and provides assurance against potential disruptions to your operations.
