Ensure that access logging is enabled for the classic ELB
Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.
Risk Level: Low
Cloud Entity: AWS ElasticLoadBalancing LoadBalancer
CloudGuard Rule ID: D9.CFT.LOG.05
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
AWS_ElasticLoadBalancing_LoadBalancer should have AccessLoggingPolicy.Enabled='true'
REMEDIATION
From CFT
Set the AccessLoggingPolicy.Enabled property of AWS::ElasticLoadBalancing::LoadBalancer
to true, and set the bucket name and interval to appropriate values.
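A pre-deployment check for this rule, added here as an example and not CloudGuard's or AWS's own code: it flags Classic ELB resources in a JSON template whose AccessLoggingPolicy is missing, disabled, or lacks a bucket or valid interval. The template, resource names and bucket name are constructed, and property values are assumed to be literals rather than intrinsic functions.

```python
import json

CLASSIC_ELB = "AWS::ElasticLoadBalancing::LoadBalancer"

# Constructed sample template (not from the page); names are placeholders.
TEMPLATE = json.loads("""
{"Resources": {
  "LegacyElb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
    "Properties": {"AvailabilityZones": ["us-east-1a"]}},
  "DisabledElb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
    "Properties": {"AccessLoggingPolicy":
      {"Enabled": "false", "S3BucketName": "example-elb-logs"}}},
  "LoggedElb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
    "Properties": {"AccessLoggingPolicy":
      {"Enabled": true, "S3BucketName": "example-elb-logs",
       "S3BucketPrefix": "classic", "EmitInterval": 5}}},
  "AppAlb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
    "Properties": {}}
}}
""")


def is_true(value):
    # Templates may carry the boolean true or the string "true".
    return value is True or (isinstance(value, str) and value.lower() == "true")


def check_access_logging(template):
    """Return {logical_id: finding} for Classic ELBs that fail the rule."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != CLASSIC_ELB:
            continue  # the rule covers Classic Load Balancers only
        policy = res.get("Properties", {}).get("AccessLoggingPolicy")
        if not isinstance(policy, dict):
            findings[name] = "AccessLoggingPolicy missing"
        elif not is_true(policy.get("Enabled")):
            findings[name] = "AccessLoggingPolicy.Enabled is not true"
        elif not policy.get("S3BucketName"):
            findings[name] = "S3BucketName missing"
        elif str(policy.get("EmitInterval", 60)) not in ("5", "60"):
            findings[name] = "EmitInterval must be 5 or 60"
    return findings


if __name__ == "__main__":
    for name, finding in check_access_logging(TEMPLATE).items():
        print(f"{name}: {finding}")
```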
References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-accessloggingpolicy.html
- https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
AWS ElasticLoadBalancing LoadBalancer
AWS::ElasticLoadBalancing::LoadBalancer specifies a Classic Load Balancer. You can specify the AvailabilityZones or Subnets property, but not both. If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn attribute to declare a dependency on the VPC-gateway attachment.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated about 1 year ago