Ensure that ELB Listener protocol is HTTPS or SSL
The HTTPS protocol uses the SSL protocol to establish secure connections over the HTTP layer. You can also use the SSL protocol to establish secure connections over the TCP layer.
Risk Level: High
Cloud Entity: AWS ElasticLoadBalancing LoadBalancer
CloudGuard Rule ID: D9.CFT.NET.13
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
AWS_ElasticLoadBalancing_LoadBalancer should have Listeners contain-all [Protocol='SSL' or Protocol='HTTPS']
REMEDIATION
From CFT
Set the Listeners.Protocol property of the AWS::ElasticLoadBalancing::LoadBalancer entity to SSL or HTTPS, and set the SSLCertificateId property to a valid certificate.
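The rule and remediation above, written as a static check over a parsed CloudFormation template. This is an added example, not CloudGuard's or Spectral's implementation; besides the protocol test in the GSL logic, it also reports secure listeners that lack SSLCertificateId. The function name, the sample template, the placeholder certificate ARN and the case-insensitive protocol comparison are assumptions.

```python
# Added example: static check of a parsed CloudFormation template for rule D9.CFT.NET.13.
ELB_TYPE = "AWS::ElasticLoadBalancing::LoadBalancer"
SECURE_PROTOCOLS = {"HTTPS", "SSL"}


def check_template(template):
    """Return (logical_id, listener_index, problem) for every failing listener."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != ELB_TYPE:
            continue
        listeners = resource.get("Properties", {}).get("Listeners", [])
        for index, listener in enumerate(listeners):
            protocol = listener.get("Protocol")
            if not isinstance(protocol, str):
                # A Ref or Fn::* value cannot be resolved without the stack parameters.
                problem = "Protocol is not a literal, review manually"
            elif protocol.upper() not in SECURE_PROTOCOLS:
                # Assumption: protocol names are compared case-insensitively.
                problem = f"Protocol {protocol} is not HTTPS or SSL"
            elif not listener.get("SSLCertificateId"):
                problem = "SSLCertificateId is missing"
            else:
                continue
            findings.append((logical_id, index, problem))
    return findings


# Constructed sample template; the certificate ARN is a placeholder.
CERT = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
SAMPLE = {"Resources": {
    "MixedElb": {"Type": ELB_TYPE, "Properties": {"Listeners": [
        {"LoadBalancerPort": "443", "InstancePort": "80", "Protocol": "HTTPS", "SSLCertificateId": CERT},
        {"LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP"}]}},
    "TcpTlsElb": {"Type": ELB_TYPE, "Properties": {"Listeners": [
        {"LoadBalancerPort": "8443", "InstancePort": "8080", "Protocol": "SSL", "SSLCertificateId": CERT}]}},
    "NoCertElb": {"Type": ELB_TYPE, "Properties": {"Listeners": [
        {"LoadBalancerPort": "443", "InstancePort": "80", "Protocol": "HTTPS"}]}},
    "ParamElb": {"Type": ELB_TYPE, "Properties": {"Listeners": [
        {"LoadBalancerPort": "443", "InstancePort": "80", "Protocol": {"Ref": "ListenerProtocol"}}]}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    for finding in check_template(SAMPLE):
        print(*finding, sep=": ")
```

MixedElb fails because of its second listener alone: contain-all requires every listener on the load balancer to be HTTPS or SSL, so one plaintext listener is enough to fail the resource.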
References
- https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-listener-config.html
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html
AWS ElasticLoadBalancing LoadBalancer
AWS::ElasticLoadBalancing::LoadBalancer specifies a Classic Load Balancer. You can specify the AvailabilityZones or Subnets property, but not both. If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn attribute to declare a dependency on the VPC-gateway attachment.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated about 1 year ago