Risk Level: Low
Cloud Entity: Elastic Load Balancing (ELB)
CloudGuard Rule ID: D9.AWS.NET.50
Covered by Spectral: No
Category: Networking & Content Delivery
ELB should not have securityGroups with [ inboundRules isEmpty() ]
- Log in to the AWS console
- In the console, select the specific region
- Navigate to EC2 Dashboard
- Click 'Load Balancers', select the reported load balancer
- Select the Security tab from the bottom panel.
- Click on each associated security group ID under Security Group ID column to open the selected security group configuration page.
- Click the 'Inbound Rules'
- If there are no rules, click 'Edit rules' and create an inbound rule according to your ELB functional requirement.
From Command Line:
To add a rule that allows Inbound traffic to a specific address range. Below example command adds a rule that grants access to the desired address range on TCP port 22.
aws ec2 authorize-security-group-ingress --group-name MySecurityGroup --protocol tcp --port 22 --cidr IP_address_range
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.
- AWS CSA CCM v.4.0.1
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS CloudGuard Well Architected Framework
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS MAS TRM Framework
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- AWS PCI-DSS 4.0
- CloudGuard AWS All Rules Ruleset
Updated 4 days ago