AWS_ELB_51

Ensure Network Load Balancer with Elasticsearch (TCP:9300) is not exposed to the public internet

Description

A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration.

A listener checks for connection requests from clients, using the protocol and port that you configure, and forwards requests to one or more registered instances using the protocol and port number that you configure.

A security group acts as a firewall that controls the traffic allowed to and from one or more instances. When you launch an EC2 instance, you can associate one or more security groups with the instance.
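The condition in the rule title can be evaluated offline against exported configuration. The following is an added example, not this product's own check logic: it assumes dictionaries shaped like the boto3 `describe_load_balancers`, `describe_listeners` and `describe_security_groups` responses, and it assumes "exposed" means an internet-facing Network Load Balancer with a 9300 listener whose target security group admits that port from `0.0.0.0/0` or `::/0`. The function names, ARNs and group IDs are constructed.

```python
import ipaddress

ES_TRANSPORT_PORT = 9300  # port named in the rule title

def rule_allows_port(perm, port):
    """True if one IpPermissions entry covers the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def public_sources(perm):
    """Source CIDRs in the entry that match every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def find_exposed(load_balancers, listeners_by_arn, target_sgs_by_arn, port=ES_TRANSPORT_PORT):
    """Return (lb_arn, group_id, cidr) for each world-open path to the port."""
    findings = []
    for lb in load_balancers:
        if lb.get("Type") != "network" or lb.get("Scheme") != "internet-facing":
            continue
        arn = lb["LoadBalancerArn"]
        listeners = listeners_by_arn.get(arn, [])
        if not any(l["Port"] == port and l["Protocol"] in ("TCP", "TLS", "TCP_UDP") for l in listeners):
            continue
        for sg in target_sgs_by_arn.get(arn, []):
            for perm in sg.get("IpPermissions", []):
                if rule_allows_port(perm, port):
                    findings += [(arn, sg["GroupId"], c) for c in public_sources(perm)]
    return findings

# Constructed sample data (assumed mapping of each NLB to its targets' security groups).
LBS = [{"LoadBalancerArn": "arn:example:nlb/public", "Type": "network", "Scheme": "internet-facing"},
       {"LoadBalancerArn": "arn:example:nlb/internal", "Type": "network", "Scheme": "internal"}]
LISTENERS = {"arn:example:nlb/public": [{"Port": 9300, "Protocol": "TCP"}],
             "arn:example:nlb/internal": [{"Port": 9300, "Protocol": "TCP"}]}
OPEN_SG = {"GroupId": "sg-open-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9400, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
VPC_SG = {"GroupId": "sg-vpc-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9300, "ToPort": 9300, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
TARGET_SGS = {"arn:example:nlb/public": [OPEN_SG, VPC_SG], "arn:example:nlb/internal": [OPEN_SG]}

if __name__ == "__main__":
    for finding in find_exposed(LBS, LISTENERS, TARGET_SGS):
        print("EXPOSED", *finding)
```

The internal load balancer produces no finding even though its target group is world-open, because under the assumption above only internet-facing load balancers count as exposed.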

Remediation

To restrict inbound traffic from your load balancer to your container instances:

1. Sign in to the AWS Management Console.

2. Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

3. In the navigation panel, under NETWORK &

Service

ELB

Severity

High

Compliance

Mapping
