Ensure that ELB V2 Listener protocol is not HTTP or TCP

HTTP and TCP are unsecure protocols where the data between client and load balancer is not encrypted. Prefer using HTTPS or SSL/TLS protocols instead.

Risk Level: High
Cloud Entity: Elastic Load Balancing (ELB)
CloudGuard Rule ID: D9.CFT.NET.14
Covered by Spectral: Yes
Category: Networking & Content Delivery


AWS_ElasticLoadBalancingV2_Listener should not have Protocol='HTTP' or Protocol='TCP'


From CFT
Set AWS::ElasticLoadBalancingV2::Listener Protocol property to HTTPS or TLS.


  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-protocol
  2. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

Elastic Load Balancing (ELB)

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.

Compliance Frameworks

  • AWS CloudFormation ruleset