ELB is created with Access logs enabled

ELB logs provide insights and audit evidence for traffic patterns and originating sources. In the absence of these logs, it is very hard to complete incident response actions.

Risk Level: Low
Cloud Entity: Elastic Load Balancing (ELB)
CloudGuard Rule ID: D9.AWS.LOG.13
Covered by Spectral: Yes
Category: Networking & Content Delivery

GSL LOGIC

ELB should have accessLog.enabled=true

REMEDIATION

From Portal

  1. Go to the Amazon EC2 console at https://console.aws.amazon.com/ec2/. In the navigation pane, choose Load Balancers.
  2. Select your load balancer.
  3. On the Description tab, choose Edit attributes.
  4. On the Edit load balancer attributes page, Choose Configure access logs.
  5. Check Enable for Access Logs.
  6. Provide a name for your S3 bucket and check Create this location for me or provide the name for a bucket which already exists.
  7. Click Save.

From TF

resource "aws_elb" "example1" {
	access_logs {
		bucket = "example_bucket"
	}
	other required fields here
}

resource "aws_lb" "example2" {
	access_logs {
		bucket = "example2_bucket"
	}
	other required fields here
}

Note: aws_alb is known as aws_lb. The functionality is identical. For classic load balancers, ensure that the aws_elb resource has an access_logs block configured with a bucket. For next generation load balancers, ensure that the aws_lb resource has an access_logs block configured with a bucket.

From Command Line
To enable access logs for your load balancer:

aws elb modify-load-balancer-attributes --load-balancer-name LOAD_BALANCER_NAME --load-balancer-attributes file://my-json-file.json

References

  1. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html
  2. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
  4. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/elbv2/modify-load-balancer-attributes.html

Elastic Load Balancing (ELB)

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.

Compliance Frameworks

  • AWS CSA CCM v.3.0.1
  • AWS CSA CCM v.4.0.1
  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS GDPR Readiness
  • AWS HIPAA
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO 27001:2013
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-171
  • AWS NIST 800-53 Rev 4
  • AWS NIST 800-53 Rev 5
  • AWS NIST CSF v1.1
  • AWS PCI-DSS 3.2
  • CloudGuard AWS All Rules Ruleset