Amazon_EC2_6

Ensure all ELBs use an HTTPS listener

Description

A load balancer takes requests from clients and distributes them across the EC2 instances that are registered with the load balancer (also known as back-end instances).
A listener is a process that checks for connection requests. It is configured with a protocol and a port for front-end (client to load balancer) connections and a protocol and a port for back-end (load balancer to instance) connections. Without an HTTPS (or SSL) front-end listener, client traffic reaches the load balancer in clear text.

  • Note: an HTTPS listener on the ELB is not mandatory if you terminate TLS
    directly on the web-tier EC2 instances and use a TCP listener on the ELB
    (TCP pass-through). In that case the ELB cannot inspect or re-encrypt the
    traffic, so the certificate and protocol configuration must be verified on
    the instances instead.

Remediation

Using the Amazon unified command line interface:

  • If the ListenerDescriptions field of the describe-load-balancers output contains no listener with Protocol HTTPS (or SSL), add a new HTTPS listener configured with an SSL/TLS certificate. The listener below forwards traffic to the back-end instances on port 80; change InstancePort=80 if the instances listen elsewhere:
    aws elb create-load-balancer-listeners --load-balancer-name <elb> --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=<ssl_certificate_arn>
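
The audit step that the remediation above presupposes (deciding which ELBs actually lack an HTTPS listener), as an added example that is not part of the original rule page: a Python script that reads the JSON printed by `aws elb describe-load-balancers`, classifies each classic ELB, and builds the remediation command for the non-compliant ones. The ELB names, the certificate ARN and the sample output are constructed for illustration; the `review-passthrough` status implements the TCP pass-through note from the Description, and `classify_load_balancers` and `remediation_command` are hypothetical helper names.

```python
import json
import shlex

# Constructed sample of `aws elb describe-load-balancers` output (hypothetical
# names and ARN, not data from any real account). Three cases are covered:
# an ELB with an HTTPS listener, one with only an HTTP listener, and one that
# passes TCP/443 straight through to the instances.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "LoadBalancerDescriptions": [
        {
            "LoadBalancerName": "web-prod",
            "ListenerDescriptions": [
                {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                              "InstanceProtocol": "HTTP", "InstancePort": 80},
                 "PolicyNames": []},
                {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                              "InstanceProtocol": "HTTP", "InstancePort": 80,
                              "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/web-prod"},
                 "PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]},
            ],
        },
        {
            "LoadBalancerName": "legacy-app",
            "ListenerDescriptions": [
                {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                              "InstanceProtocol": "HTTP", "InstancePort": 80},
                 "PolicyNames": []},
            ],
        },
        {
            "LoadBalancerName": "passthrough-lb",
            "ListenerDescriptions": [
                {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                              "InstanceProtocol": "TCP", "InstancePort": 443},
                 "PolicyNames": []},
            ],
        },
    ]
})

# Front-end protocols on which the classic ELB itself terminates TLS.
TLS_TERMINATING_PROTOCOLS = {"HTTPS", "SSL"}


def classify_load_balancers(describe_output_json):
    """Map each ELB name to one of:
    'compliant'          - at least one HTTPS or SSL front-end listener
    'review-passthrough' - no TLS listener, but a TCP listener on port 443
                           (acceptable only if the instances terminate TLS)
    'noncompliant'       - neither of the above
    """
    data = json.loads(describe_output_json)
    status = {}
    for lb in data.get("LoadBalancerDescriptions", []):
        listeners = [d["Listener"] for d in lb.get("ListenerDescriptions", [])]
        if any(l["Protocol"] in TLS_TERMINATING_PROTOCOLS for l in listeners):
            status[lb["LoadBalancerName"]] = "compliant"
        elif any(l["Protocol"] == "TCP" and l["LoadBalancerPort"] == 443
                 for l in listeners):
            status[lb["LoadBalancerName"]] = "review-passthrough"
        else:
            status[lb["LoadBalancerName"]] = "noncompliant"
    return status


def remediation_command(elb_name, cert_arn, instance_port=80):
    """Build the create-load-balancer-listeners command from the Remediation
    section, with the name and listener spec shell-quoted where needed."""
    listener = ("Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,"
                "InstancePort={},SSLCertificateId={}").format(instance_port, cert_arn)
    return ("aws elb create-load-balancer-listeners --load-balancer-name {} "
            "--listeners {}").format(shlex.quote(elb_name), shlex.quote(listener))


if __name__ == "__main__":
    for name, status in classify_load_balancers(SAMPLE_DESCRIBE_OUTPUT).items():
        print(f"{name}: {status}")
        if status == "noncompliant":
            print("  " + remediation_command(name, "<ssl_certificate_arn>"))
```

In a real account, pipe `aws elb describe-load-balancers --output json` into `classify_load_balancers` instead of the constructed sample; anything reported as `review-passthrough` still needs a manual check that the instances behind it really terminate TLS.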


References:

  1. http://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html
  2. http://docs.aws.amazon.com/cli/latest/reference/elb/create-load-balancer-listeners.html
  3. http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html

Service

EC2

Severity

High

Compliance

Mapping
