Enable Logging for ELB Application and Classic Load Balancer Rule
This rule focuses on enabling logging for ELB application and classic load balancer for better monitoring and analysis.
| Rule | ELB application and classic load balancer logging should be enabled |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ High |
Rule Description
ELB (Elastic Load Balancer) application and classic load balancer logging should be enabled to comply with NIST (National Institute of Standards and Technology) 800-53 Revision 5 security framework. This rule ensures that logs are generated for load balancer activities, providing visibility into potential security threats and aiding in incident response and compliance audits.
Troubleshooting Steps
If load balancer logging is not enabled, follow these troubleshooting steps:
- 1.Verify Load Balancer Configuration: Ensure that the load balancer(s) are properly configured and within the desired AWS region.
- 2.Check Access Permissions: Verify that you have the required IAM (Identity and Access Management) permissions to enable logging on the load balancers.
- 3.Review Log Storage: Ensure that a suitable log storage location (S3 bucket) is configured to store the load balancer logs.
- 4.Confirm Logging Settings: Validate that the logging settings for the load balancer(s) are correctly configured to send logs to the designated S3 bucket.
Necessary Codes
To enable ELB application and classic load balancer logging, the following code can be used:
aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_ARN> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<s3_bucket_name>
Replace
<load_balancer_ARN><s3_bucket_name>Step-by-step Guide for Remediation
Follow the steps below to enable logging for ELB application and classic load balancers:
- 1.Identify the Load Balancers: Determine the load balancers for which you need to enable logging.
- 2.Configure S3 Bucket: If you haven't already, create an S3 bucket to store the load balancer logs.
- 3.Assign IAM Permissions: Ensure that you have the necessary IAM permissions to modify load balancer attributes.
- 4.Enable Logging: Execute the following AWS CLI command, substituting the appropriate values:
Note: Replaceaws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_ARN> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<s3_bucket_name>
with the ARN of the load balancer and<load_balancer_ARN>
with the name of the S3 bucket created in step 2.<s3_bucket_name> - 5.Verify Logging Configuration: Check if the logging settings have been successfully applied by running the following command:
Ensure that the response contains theaws elbv2 describe-load-balancer-attributes --load-balancer-arn <load_balancer_ARN>
and"access_logs.s3.enabled": true
attributes."access_logs.s3.bucket": "<s3_bucket_name>" - 6.Repeat for other Load Balancers: If you have multiple load balancers that need logging enabled, repeat steps 4 and 5 for each one.
By following these steps, you will enable ELB application and classic load balancer logging to comply with NIST 800-53 Revision 5. The logs will now be stored in the configured S3 bucket, providing visibility into load balancer activities for security and compliance purposes.