Risk Level: Medium
Cloud Entity: Elastic Load Balancing (ELB)
CloudGuard Rule ID: D9.AWS.NET.87
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

ELB where isPublic=true should not have nics contain [ securityGroups contain [ inboundRules contain [ scope='0.0.0.0/0' and port in($CloudGuard_Known_UDP_Ports) and protocol in('UDP', 'ALL') ] ] ]

REMEDIATION

From Portal
A)

Sign in to the AWS Management Console.Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
In the NETWORK & SECURITY tab, choose Security Groups.
Create a new Security group, add an appropriate scope other than 0.0.0.0/0 in the inbound rules.
B)
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
On the navigation pane, under LOAD BALANCING, choose Load Balancers.
Select the load balancer.
On the Description tab, under Security, choose Edit security groups.
To associate a security group with your load balancer, select it. To remove a security group from your load balancer, clear it.
Choose Save.

From Command Line

Create a new security group to replace the insecure security which is currently attached to the ELB.

aws ec2 create-security-group	--region REGION --group-name SG_NAME --description "SECURE SG" --vpc-id VPC_ID

Add an inbound rule with appropriate scope/cidr range in order to limit the incoming traffic.

aws ec2 authorize-security-group-ingress --group-name MySecurityGroup --protocol tcp --port PORT --cidr CIDR_BLOCK

Use the following apply-security-groups-to-load-balancer command to associate a security group with a load balancer in a VPC. The specified security groups override the previously associated security groups.

aws elb apply-security-groups-to-load-balancer --load-balancer-name my-loadbalancer --security-groups sg-ID

From CFT
Use the link from references to Cloudformation resource load balancer and configure the security group with appropriate settings in order to limit the incoming traffic.

From TF
Use the link from references to Terraform resource load balancer and configure the security group with appropriate settings in order to limit the incoming traffic.

References

Elastic Load Balancing (ELB)

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.

Compliance Frameworks

AWS CSA CCM v.3.0.1
AWS CSA CCM v.4.0.1
AWS CloudGuard Best Practices
AWS CloudGuard CheckUp
AWS CloudGuard Network Alerts for default VPC components
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS GDPR Readiness
AWS HITRUST v11.0.0
AWS ISO 27001:2013
AWS ISO27001:2022
AWS LGPD regulation
AWS MAS TRM Framework
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 4
AWS NIST 800-53 Rev 5
AWS NIST CSF v1.1
AWS PCI-DSS 3.2
AWS PCI-DSS 4.0
CloudGuard AWS All Rules Ruleset
CloudGuard AWS Default Ruleset