Rule: ELB Application and Network Load Balancers SSL Usage
This rule emphasizes using SSL or HTTPS listeners for ELB application and network load balancers.
| Rule | ELB application and network load balancers should only use SSL or HTTPS listeners |
| Framework | CISA-cyber-essentials |
| Severity | ✔ High |
Rule Description:
According to the CISA Cyber Essentials guidelines, Elastic Load Balancers (ELBs) - both application and network load balancers - should only utilize SSL (Secure Sockets Layer) or HTTPS (Hypertext Transfer Protocol Secure) listeners. This restriction is enforced to ensure secure communication between clients and the load balancers, protecting sensitive information.
Troubleshooting Steps (if applicable):
Troubleshooting steps are not required for this rule, as it is focused on ensuring compliance with the stated guideline by configuring SSL or HTTPS listeners exclusively.
Necessary Codes/Configurations (if applicable):
There are no specific codes or configurations required for this rule, as it primarily emphasizes the appropriate usage of SSL or HTTPS listeners for ELB load balancers.
Remediation Steps:
To adhere to the CISA Cyber Essentials recommendation, follow the below steps to configure SSL or HTTPS listeners for your ELB load balancers:
Step 1: Access AWS Management Console
Access the AWS Management Console using your account credentials.
Step 2: Navigate to the EC2 Service
Navigate to the EC2 service using the search bar at the top of the console, or by selecting it from the list of available services.
Step 3: Select "Load Balancers"
In the EC2 service dashboard, locate and select "Load Balancers" from the sidebar menu.
Step 4: Choose the relevant load balancer
Identify the specific ELB load balancer for which you want to configure SSL or HTTPS listeners, and click on it to access its settings.
Step 5: Add a new listener
Within the load balancer details, locate the "Listeners" tab or section. Click on "Add listener" to configure a new listener.
Step 6: Select HTTPS/SSL as the protocol
Choose "HTTPS" or "SSL" as the protocol for the listener. This selection will enforce secure communication using SSL or HTTPS.
Step 7: Configure the listener settings
Provide the necessary details for the listener configuration, such as the port number, SSL certificate, and any other relevant settings specific to your application requirements.
Step 8: Save the listener configuration
Once all the listener settings have been configured, save the changes to apply the SSL/HTTPS listener to your ELB load balancer.
Step 9: Repeat for additional load balancers (if applicable)
If you have multiple ELB load balancers, repeat the above steps for each load balancer to ensure SSL/HTTPS listeners are configured consistently across your infrastructure.
By following these steps, you will successfully adhere to the CISA Cyber Essentials guideline of only using SSL or HTTPS listeners for ELB application and network load balancers. This will provide a secure communication channel between clients and your load balancers, enhancing the overall security of your infrastructure.