Ensure that Elastic Load Balancers use SSL certificates provided by AWS Certificate Manager
ID | elb_ssl
Severity | high
Vendor | AWS
Resource | Amazon Neptune
Tags | reachable
Description
Ensuring that your Elastic Load Balancers use SSL certificates provided by AWS Certificate Manager enhances the security, reliability, and manageability of your web applications and services.
It simplifies certificate management, reduces security risks, and ensures compliance with industry standards while minimizing costs and administrative overhead.
Using ACM certificates is a best practice for securing your applications on AWS.
Examples
Buildtime
Terraform
# "example" is a placeholder resource name
resource "aws_elb" "example" {
  name               = "terraform-elb"
  availability_zones = ["us-west-2c"]

  listener {
    instance_port     = 8000
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http" # (1)
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:8000/"
    interval            = 30
  }

  instances                   = [aws_instance.foo.id]
  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400
}

1 | SSL is not configured for this listener.
Mitigation / Fix
Buildtime
Terraform
# "example" is a placeholder resource name
resource "aws_elb" "example" {
  name               = "terraform-elb"
  availability_zones = ["us-west-2c"]

  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:iam::16452115:server-certificate/certificate_name" # (1)
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:8000/"
    interval            = 30
  }

  instances                   = [aws_instance.foo.id]
  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400
}

1 | Ensure you have configured an SSL certificate.
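An added example (not part of the original page or of any scanner's implementation): a Python check over the JSON form of a Terraform plan (`terraform show -json`) that classifies every `aws_elb` listener as plaintext, TLS without a certificate, IAM server certificate (the ARN form used in the fix snippet above), or ACM certificate. The sample plan, its resource addresses, and the ACM ARN are constructed.

```python
import re

# ARN shapes: ACM certificate vs. IAM server certificate.
ACM_ARN = re.compile(r"^arn:aws[\w-]*:acm:[a-z0-9-]+:\d+:certificate/[\w-]+$")
IAM_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d+:server-certificate/.+$")

def walk(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def classify(listener):
    """Return 'plaintext', 'no-cert', 'iam', 'acm' or 'unknown' for one listener."""
    if listener.get("lb_protocol", "").lower() not in ("https", "ssl"):
        return "plaintext"
    arn = listener.get("ssl_certificate_id") or ""
    if not arn:
        return "no-cert"
    if ACM_ARN.match(arn):
        return "acm"
    return "iam" if IAM_ARN.match(arn) else "unknown"

def audit(plan):
    """Map 'address:lb_port' to a verdict for every aws_elb listener in the plan."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        if res.get("type") != "aws_elb":
            continue
        for lst in res.get("values", {}).get("listener", []):
            findings[f"{res['address']}:{lst.get('lb_port')}"] = classify(lst)
    return findings

# Constructed sample plan; the IAM ARN is the one from the page's fix snippet.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_elb.plain", "type": "aws_elb", "values": {"listener": [
            {"lb_port": 80, "lb_protocol": "http", "ssl_certificate_id": ""}]}},
        {"address": "aws_elb.iam", "type": "aws_elb", "values": {"listener": [
            {"lb_port": 443, "lb_protocol": "https", "ssl_certificate_id":
             "arn:aws:iam::16452115:server-certificate/certificate_name"}]}}],
    "child_modules": [{"resources": [
        {"address": "module.web.aws_elb.acm", "type": "aws_elb", "values": {"listener": [
            {"lb_port": 443, "lb_protocol": "https", "ssl_certificate_id":
             "arn:aws:acm:us-west-2:111122223333:certificate/00000000-0000-0000-0000-000000000000"}]}}]}],
}}}

if __name__ == "__main__":
    print(audit(SAMPLE_PLAN))
```

Values known only after apply are omitted from `planned_values`, so a `no-cert` verdict on an HTTPS listener can also mean the certificate is created in the same plan.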