Ensure that ELB V2 Listener protocol is not HTTP or TCP
HTTP and TCP are unsecure protocols where the data between client and load balancer is not encrypted. Prefer using HTTPS or SSL/TLS protocols instead.
Risk Level: High
Cloud Entity: Elastic Load Balancing (ELB)
CloudGuard Rule ID: D9.CFT.NET.14
Covered by Spectral: Yes
Category: Networking & Content Delivery
GSL LOGIC
AWS_ElasticLoadBalancingV2_Listener should not have Protocol='HTTP' or Protocol='TCP'
REMEDIATION
From CFT
Set AWS::ElasticLoadBalancingV2::Listener Protocol
property to HTTPS or TLS.
References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-protocol
- https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html
Elastic Load Balancing (ELB)
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated over 1 year ago