Amazon_EC2_7

Ensure AWS Elastic Load Balancer logging is enabled

Description

Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the VPC. It enables you to achieve greater levels of fault tolerance in your applications, seamlessly providing the load balancing capacity needed to distribute application traffic.

Remediation

Using the Amazon unified CLI:

  • Create a JSON file containing the attributes you want to modify and save it locally as
    /tmp/ElbLogs.json:
    {
      "AccessLog": {
        "Enabled": true,
        "S3BucketName": "string",
        "EmitInterval": integer,
        "S3BucketPrefix": "string"
      }
    }
  • Update the Load Balancer attributes:
    aws elb modify-load-balancer-attributes --load-balancer-name <elb_name> --load-balancer-attributes file:///tmp/ElbLogs.json
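
A pre-flight check for the two steps above, added here as an example and not part of the original rule text: it rejects an ElbLogs.json that still carries the template placeholders or an EmitInterval other than 5 or 60 minutes, and evaluates the JSON returned by aws elb describe-load-balancer-attributes to confirm the result. The function names, bucket name and prefix are assumptions made up for illustration.

```python
import json

VALID_EMIT_INTERVALS = {5, 60}  # minutes; the only intervals Classic ELB accepts
PLACEHOLDERS = {"string", "integer"}  # literal tokens left over from the template


def validate_access_log_attributes(doc):
    """Return a list of problems in an ElbLogs.json document (empty list = OK)."""
    access_log = doc.get("AccessLog")
    if not isinstance(access_log, dict):
        return ["missing AccessLog object"]
    problems = []
    if access_log.get("Enabled") is not True:
        problems.append("Enabled must be true")
    bucket = access_log.get("S3BucketName")
    if not isinstance(bucket, str) or not bucket or bucket in PLACEHOLDERS:
        problems.append("S3BucketName must name a real bucket")
    interval = access_log.get("EmitInterval", 60)  # the API defaults to 60
    if not isinstance(interval, int) or interval not in VALID_EMIT_INTERVALS:
        problems.append("EmitInterval must be 5 or 60")
    prefix = access_log.get("S3BucketPrefix", "")
    if not isinstance(prefix, str) or prefix in PLACEHOLDERS:
        problems.append("S3BucketPrefix must be a real prefix or omitted")
    return problems


def access_logging_enabled(describe_output):
    """Evaluate JSON printed by `aws elb describe-load-balancer-attributes`."""
    attrs = describe_output.get("LoadBalancerAttributes", {})
    return attrs.get("AccessLog", {}).get("Enabled") is True


# Constructed inputs: the template with placeholders still in place, a filled-in
# version (bucket name and prefix are made up), and a non-compliant API response.
UNEDITED = {"AccessLog": {"Enabled": True, "S3BucketName": "string",
                          "EmitInterval": "integer", "S3BucketPrefix": "string"}}
FILLED_IN = json.loads("""{"AccessLog": {"Enabled": true,
    "S3BucketName": "example-elb-access-logs", "EmitInterval": 5,
    "S3BucketPrefix": "prod/web"}}""")
NOT_COMPLIANT = {"LoadBalancerAttributes": {"AccessLog": {"Enabled": False}}}

if __name__ == "__main__":
    for name, doc in (("unedited", UNEDITED), ("filled in", FILLED_IN)):
        print(name, "->", validate_access_log_attributes(doc) or "OK")
    print("logging enabled:", access_logging_enabled(NOT_COMPLIANT))
```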


References:

  1. https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-access-logs.html
  2. http://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html
  3. http://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancer-attributes.html
  4. http://docs.aws.amazon.com/cli/latest/reference/elb/describe-tags.html
  5. http://docs.aws.amazon.com/cli/latest/reference/elb/modify-load-balancer-attributes.html

Service

EC2

Severity

High

Compliance

Mapping
