
Rule: ELB Application and Classic Load Balancer Logging Enabled

This rule requires access logging to be enabled on Application Load Balancers and Classic Load Balancers so that request-level records exist for audit and incident investigation.

Rule: ELB application and classic load balancer logging should be enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: High

Rule Description: Enable ELB Application and Classic Load Balancer Logging for Federal Financial Institutions Examination Council (FFIEC)

Overview:

The Federal Financial Institutions Examination Council (FFIEC) examination guidance expects financial institutions to log and retain activity on the systems that carry customer traffic so that it can be audited and investigated. This rule checks that access logging is enabled on every Application Load Balancer (ALB) and Classic Load Balancer: when it is, Elastic Load Balancing writes a record of each request (client address, time, request line, target, load balancer and target status codes, processing latencies, user agent, TLS cipher) to an S3 bucket, where it is available for auditing, troubleshooting, and incident analysis. Without these logs, requests that pass through the load balancer leave no record an investigator can reconstruct.

Troubleshooting Steps:

If logging is not already enabled for a load balancer, follow these troubleshooting steps:

  1. Verify Requirements: Ensure that you have IAM permission to modify load balancer attributes (elasticloadbalancing:ModifyLoadBalancerAttributes) and that a target S3 bucket exists in the same Region as the load balancer. The bucket policy must allow Elastic Load Balancing to put objects under the AWSLogs/<account_id>/ key path in that bucket: the principal is the Region's Elastic Load Balancing account ID for Regions that existed before August 2022, or the service principal logdelivery.elasticloadbalancing.amazonaws.com for newer Regions (look up the value for your Region in the ELB access-log documentation). If the bucket has default encryption, it must use SSE-S3; SSE-KMS is not supported for load balancer access logs, and enabling logging fails with a permissions error when the policy or encryption is wrong.

  2. Identify Load Balancer: Determine the ARN (Amazon Resource Name) of the target Application Load Balancer, or the name of the target Classic Load Balancer, that requires logging to be enabled.

  3. Enable Logging: Enable logging for the identified load balancer by following these steps:

    • For Application Load Balancers: a. Open the EC2 Management Console. b. Navigate to the "Load Balancers" section. c. Select the target Application Load Balancer. d. Go to the "Attributes" tab. e. Click on "Edit" and locate the "Access logs" setting. f. Turn on access logs and specify the S3 bucket where the logs will be stored. g. Configure the log prefix if required. h. Click on "Save" to enable logging.

    • For Classic Load Balancers: a. Open the EC2 Management Console. b. Navigate to the "Load Balancers" section. c. Select the target Classic Load Balancer. d. Go to the "Attributes" tab. e. Click on "Edit" under the "Access logs" section. f. Choose "Enable access logs" and specify the S3 bucket where the logs will be stored. g. Configure the log prefix if required, and choose the emit interval (5 or 60 minutes; 5 minutes gives investigators fresher data). h. Click on "Save" to enable logging.

  4. Verify Logging: As soon as logging is enabled, Elastic Load Balancing writes a test object named ELBAccessLogTestFile to the bucket, which confirms that the bucket policy is correct. Real log files follow once the load balancer receives traffic: every 5 minutes for an Application Load Balancer, and every 5 or 60 minutes for a Classic Load Balancer depending on the emit interval. They are gzip-compressed and stored under <log_prefix>/AWSLogs/<account_id>/elasticloadbalancing/<region>/<yyyy>/<mm>/<dd>/. Check the bucket for these objects, and confirm the attribute itself with the describe-load-balancer-attributes command of the elbv2 or elb CLI.

Code Snippets (if applicable):

If you prefer to use the AWS Command Line Interface (CLI) to enable access logging, the following commands are equivalent to the console steps above. Replace the angle-bracket placeholders with your own values; the S3 bucket must already exist in the same Region with a bucket policy that allows Elastic Load Balancing to write to it, otherwise the command is rejected.

Enable ELB Application Load Balancer Logging:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<bucket_name> Key=access_logs.s3.prefix,Value=<log_prefix>

Enable Classic Load Balancer Logging (note that the parameter is --load-balancer-attributes, it takes a JSON document with double-quoted keys, Enabled is a boolean rather than the string "true", and EmitInterval must be 5 or 60):

aws elb modify-load-balancer-attributes --load-balancer-name <load_balancer_name> --load-balancer-attributes '{"AccessLog":{"Enabled":true,"S3BucketName":"<bucket_name>","S3BucketPrefix":"<log_prefix>","EmitInterval":5}}'
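The check behind this rule, and the remediation the CLI section describes, can be scripted against the JSON the CLI already returns. The Python below is an added example written for this page, not code from the original page or from the vendor. It evaluates the two response shapes (`aws elbv2 describe-load-balancer-attributes` returns a flat Key/Value list with string values; `aws elb describe-load-balancer-attributes` returns a nested AccessLog object with a real boolean), lists the non-compliant load balancers, builds the exact modify command for each, and generates the S3 bucket-policy statement that step 1 requires. The inventory is constructed sample data; the ARNs, names, bucket, prefix and account ID 123456789012 are hypothetical. The ELB account ID 127311923021 is the real value for us-east-1; other Regions must be looked up in the AWS documentation.

```python
"""Audit ELB access logging from CLI JSON and build the remediation.

Added example for this page, not vendor code. Runs offline on the
constructed sample inventory below (shape matches the AWS CLI output).
"""
import json
import shlex

# Constructed sample data: what `aws elbv2 describe-load-balancer-attributes`
# returns per ALB ARN (hypothetical ARNs, bucket and account 123456789012).
SAMPLE_ALBS = {
    "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/web/50dc6c495c0c9188": {
        "Attributes": [
            {"Key": "access_logs.s3.enabled", "Value": "true"},
            {"Key": "access_logs.s3.bucket", "Value": "example-elb-logs"},
            {"Key": "access_logs.s3.prefix", "Value": "alb/web"},
        ]
    },
    "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/api/0123456789abcdef": {
        "Attributes": [
            {"Key": "access_logs.s3.enabled", "Value": "false"},
            {"Key": "access_logs.s3.bucket", "Value": ""},
        ]
    },
}
# Constructed sample data: what `aws elb describe-load-balancer-attributes`
# returns per Classic Load Balancer name.
SAMPLE_CLBS = {
    "legacy-web": {"LoadBalancerAttributes": {
        "AccessLog": {"Enabled": False, "EmitInterval": 60}}},
    "legacy-api": {"LoadBalancerAttributes": {
        "AccessLog": {"Enabled": True, "S3BucketName": "example-elb-logs",
                      "EmitInterval": 5, "S3BucketPrefix": "clb/api"}}},
}


def alb_logging_enabled(attrs_response):
    """elbv2 attributes are a Key/Value list; the values are strings."""
    attrs = {a["Key"]: a["Value"] for a in attrs_response.get("Attributes", [])}
    enabled = attrs.get("access_logs.s3.enabled", "false").lower() == "true"
    # The API refuses enabled=true without a bucket; check it anyway.
    return enabled and bool(attrs.get("access_logs.s3.bucket"))


def clb_logging_enabled(attrs_response):
    """Classic ELB nests a real boolean under LoadBalancerAttributes.AccessLog."""
    log = attrs_response.get("LoadBalancerAttributes", {}).get("AccessLog", {})
    return bool(log.get("Enabled")) and bool(log.get("S3BucketName"))


def findings(albs, clbs):
    """Return (kind, identifier) for every load balancer that fails the rule."""
    out = [("alb", arn) for arn, r in albs.items() if not alb_logging_enabled(r)]
    out += [("clb", name) for name, r in clbs.items() if not clb_logging_enabled(r)]
    return out


def remediation_command(kind, ident, bucket, prefix):
    """The AWS CLI command that turns on access logging for one finding."""
    if kind == "alb":
        return ("aws elbv2 modify-load-balancer-attributes "
                f"--load-balancer-arn {shlex.quote(ident)} --attributes "
                "Key=access_logs.s3.enabled,Value=true "
                f"Key=access_logs.s3.bucket,Value={shlex.quote(bucket)} "
                f"Key=access_logs.s3.prefix,Value={shlex.quote(prefix)}")
    # Classic: JSON document, boolean Enabled, EmitInterval 5 or 60 minutes.
    attrs = {"AccessLog": {"Enabled": True, "S3BucketName": bucket,
                           "S3BucketPrefix": prefix, "EmitInterval": 5}}
    return ("aws elb modify-load-balancer-attributes "
            f"--load-balancer-name {shlex.quote(ident)} "
            f"--load-balancer-attributes {shlex.quote(json.dumps(attrs))}")


def log_bucket_policy(bucket, prefix, account_id, principal):
    """Bucket policy that lets Elastic Load Balancing write the logs.

    principal: the Region's ELB account ID (Regions that existed before
    August 2022; 127311923021 is us-east-1) or the service principal
    logdelivery.elasticloadbalancing.amazonaws.com (newer Regions).
    """
    who = ({"AWS": f"arn:aws:iam::{principal}:root"} if principal.isdigit()
           else {"Service": principal})
    key_prefix = f"{prefix}/" if prefix else ""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": who, "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/{key_prefix}AWSLogs/{account_id}/*"}]}


if __name__ == "__main__":
    for kind, ident in findings(SAMPLE_ALBS, SAMPLE_CLBS):
        print(f"NON-COMPLIANT {kind}: {ident}")
        print("  fix:", remediation_command(kind, ident, "example-elb-logs", "elb"))
    print(json.dumps(log_bucket_policy("example-elb-logs", "elb",
                                       "123456789012", "127311923021"), indent=2))
```

To run it against a real account, replace the sample dictionaries with the output of `aws elbv2 describe-load-balancers --query 'LoadBalancers[].LoadBalancerArn'` and `aws elb describe-load-balancers --query 'LoadBalancerDescriptions[].LoadBalancerName'` followed by the matching describe-load-balancer-attributes call for each ARN or name. The policy statement is scoped to the AWSLogs/<account_id>/ key path, so one log bucket can serve several accounts without any of them being able to write outside its own path.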

Remediation Steps:

To enable access logging for FFIEC compliance, follow these step-by-step instructions:

  1. Log in to the AWS Management Console.

  2. Open the EC2 service.

  3. Navigate to the "Load Balancers" section.

  4. Identify the target Application Load Balancer or Classic Load Balancer that needs logging enabled, and make sure an S3 bucket in the same Region exists with a bucket policy that allows Elastic Load Balancing to write to it.

  5. For an Application Load Balancer:

    • Select the target Application Load Balancer.
    • Go to the "Attributes" tab.
    • Click on "Edit" and locate the "Access logs" setting.
    • Turn on access logs and specify the S3 bucket where the logs will be stored.
    • Configure the log prefix if required.
    • Click on "Save" to enable logging.

  6. For a Classic Load Balancer:

    • Select the target Classic Load Balancer.
    • Go to the "Attributes" tab.
    • Click on "Edit" under the "Access logs" section.
    • Choose "Enable access logs" and specify the S3 bucket where the logs will be stored.
    • Configure the log prefix and the emit interval (5 or 60 minutes) if required.
    • Click on "Save" to enable logging.

  7. Verify that the logs are being generated and stored in the specified S3 bucket: the ELBAccessLogTestFile object appears immediately, and gzip-compressed log files appear under AWSLogs/<account_id>/elasticloadbalancing/ within minutes once the load balancer receives traffic.

By following these steps, access logging will be enabled on the load balancer and the rule will report it as compliant.
