Rule: ELB Application and Classic Load Balancer Logging Should Be Enabled

This rule ensures that ELB application and classic load balancer logging is enabled for effective monitoring and troubleshooting.

Rule: ELB application and classic load balancer logging should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

NIST 800-53 Revision 5 requires that Elastic Load Balancer (ELB) application and classic load balancer logging be enabled. This rule ensures that logs are generated and stored for monitoring and audit purposes. By enabling logging, you gain visibility into the traffic, requests, and errors passing through your load balancer.

Remediation Steps:

Follow the steps below to enable ELB application and classic load balancer logging:

Step 1: Access the AWS Management Console

Access the AWS Management Console using your credentials.

Step 2: Navigate to Load Balancers

Navigate to the "Load Balancers" section in the AWS Management Console.

Step 3: Select Load Balancer

Select the load balancer for which you want to enable logging.

Step 4: Enable Logging

For Application Load Balancer (ALB):

  1. In the "Description" tab, click on the "Edit attributes" button.
  2. Scroll down to the "Access logs" section and click on the "Change" link.
  3. Select the S3 bucket where you want to store the logs.
  4. Specify a prefix if needed.
  5. Click on the "Save" button.

For Classic Load Balancer (CLB):

  1. In the "Description" tab, click on the "Edit attributes" button.
  2. Scroll down to the "Access logs" section and click on the "Enable access logs" checkbox.
  3. Select the S3 bucket where you want to store the logs.
  4. Specify a prefix if needed.
  5. Click on the "Save" button.

Step 5: Verify Logging

Verify that logging has been enabled by checking the load balancer's description page. The "Access logs" section should show the configured S3 bucket and prefix.
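The same enable-and-verify procedure can be run programmatically across a whole account, which is how most teams actually check this rule. The following is an added example (not Cloud Defense's own code) that audits every ALB and CLB for the access-log attributes the console dialogs above write, and remediates the ones that fail. It assumes the AWS API attribute names `access_logs.s3.enabled`, `access_logs.s3.bucket` and `access_logs.s3.prefix` for ALBs and the `AccessLog` block of `LoadBalancerAttributes` for CLBs; the clients are passed in, so it runs offline against the constructed in-memory fakes here and against `boto3.client("elbv2")` / `boto3.client("elb")` in a real account. The load balancer ARNs, names and the `example-elb-logs` bucket are constructed sample values.

```python
"""Audit and remediate ELB access logging (added example, not Cloud Defense code).
ALB (elbv2): access_logs.s3.enabled / .bucket / .prefix attributes
CLB (elb):   LoadBalancerAttributes.AccessLog.{Enabled,S3BucketName,S3BucketPrefix,EmitInterval}
Clients are injected so the logic runs offline against the fakes below; pass real
boto3 elbv2/elb clients to run it against an account (assumed API shapes)."""
from dataclasses import dataclass
from typing import Any


@dataclass
class Finding:
    lb_type: str   # "application" or "classic"
    ident: str     # ALB ARN or CLB name, whichever the modify call needs
    enabled: bool
    bucket: str
    prefix: str

    @property
    def compliant(self) -> bool:
        # "Enabled" with no bucket delivers nothing, so require both.
        return self.enabled and bool(self.bucket)


def alb_status(arn: str, attributes: list[dict[str, str]]) -> Finding:
    """Parse elbv2 DescribeLoadBalancerAttributes output (list of Key/Value pairs)."""
    attrs = {a["Key"]: a["Value"] for a in attributes}
    return Finding("application", arn,
                   attrs.get("access_logs.s3.enabled", "false").lower() == "true",
                   attrs.get("access_logs.s3.bucket", ""), attrs.get("access_logs.s3.prefix", ""))


def clb_status(name: str, attributes: dict[str, Any]) -> Finding:
    """Parse elb DescribeLoadBalancerAttributes output (nested AccessLog dict)."""
    log = attributes.get("AccessLog", {})
    return Finding("classic", name, bool(log.get("Enabled", False)),
                   log.get("S3BucketName", ""), log.get("S3BucketPrefix", ""))


def audit(elbv2, elb) -> list[Finding]:
    """Step 5 (verify) for every ALB and CLB the two clients can describe."""
    findings = []
    for lb in elbv2.describe_load_balancers()["LoadBalancers"]:
        if lb.get("Type") != "application":
            continue  # NLB/GWLB logging is configured differently; outside this rule
        arn = lb["LoadBalancerArn"]
        findings.append(alb_status(arn, elbv2.describe_load_balancer_attributes(LoadBalancerArn=arn)["Attributes"]))
    for lb in elb.describe_load_balancers()["LoadBalancerDescriptions"]:
        name = lb["LoadBalancerName"]
        resp = elb.describe_load_balancer_attributes(LoadBalancerName=name)
        findings.append(clb_status(name, resp["LoadBalancerAttributes"]))
    return findings


def enable_logging(elbv2, elb, finding: Finding, bucket: str, prefix: str = "") -> None:
    """Step 4: write the same attributes the console's 'Edit attributes' dialog does."""
    if finding.lb_type == "application":
        elbv2.modify_load_balancer_attributes(
            LoadBalancerArn=finding.ident,
            Attributes=[{"Key": "access_logs.s3.enabled", "Value": "true"},
                        {"Key": "access_logs.s3.bucket", "Value": bucket},
                        {"Key": "access_logs.s3.prefix", "Value": prefix}])
    else:
        elb.modify_load_balancer_attributes(
            LoadBalancerName=finding.ident,
            LoadBalancerAttributes={"AccessLog": {"Enabled": True, "S3BucketName": bucket,
                                                  "S3BucketPrefix": prefix, "EmitInterval": 60}})


class FakeElbv2:
    """In-memory stand-in for boto3.client('elbv2'); arn -> list of Key/Value attributes (constructed)."""
    def __init__(self, lbs): self.lbs = lbs
    def describe_load_balancers(self):
        return {"LoadBalancers": [{"LoadBalancerArn": a, "Type": "application"} for a in self.lbs]}
    def describe_load_balancer_attributes(self, LoadBalancerArn):
        return {"Attributes": self.lbs[LoadBalancerArn]}
    def modify_load_balancer_attributes(self, LoadBalancerArn, Attributes):
        merged = {a["Key"]: a["Value"] for a in self.lbs[LoadBalancerArn] + Attributes}
        self.lbs[LoadBalancerArn] = [{"Key": k, "Value": v} for k, v in merged.items()]


class FakeElb:
    """In-memory stand-in for boto3.client('elb'); name -> LoadBalancerAttributes dict (constructed)."""
    def __init__(self, lbs): self.lbs = lbs
    def describe_load_balancers(self):
        return {"LoadBalancerDescriptions": [{"LoadBalancerName": n} for n in self.lbs]}
    def describe_load_balancer_attributes(self, LoadBalancerName):
        return {"LoadBalancerAttributes": self.lbs[LoadBalancerName]}
    def modify_load_balancer_attributes(self, LoadBalancerName, LoadBalancerAttributes):
        self.lbs[LoadBalancerName].update(LoadBalancerAttributes)


def demo() -> tuple[int, int]:
    """Return (non-compliant before, non-compliant after) for a constructed sample fleet."""
    base = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/"
    elbv2 = FakeElbv2({
        base + "web/0123456789abcdef": [{"Key": "access_logs.s3.enabled", "Value": "false"}],
        base + "api/fedcba9876543210": [{"Key": "access_logs.s3.enabled", "Value": "true"},
                                        {"Key": "access_logs.s3.bucket", "Value": "example-elb-logs"}],
    })
    elb = FakeElb({"legacy": {"AccessLog": {"Enabled": False}}})
    before = [f for f in audit(elbv2, elb) if not f.compliant]
    for f in before:  # remediate only what the audit flagged
        enable_logging(elbv2, elb, f, "example-elb-logs", prefix=f.lb_type + "/")
    after = [f for f in audit(elbv2, elb) if not f.compliant]
    return len(before), len(after)
```

Calling `demo()` on the sample fleet reports two non-compliant load balancers before remediation (the ALB with logging off and the CLB with `Enabled: False`) and none afterwards. Note that `compliant` deliberately requires a bucket name as well as the enabled flag: an "enabled" load balancer with no destination produces no logs, which is exactly the state the verification step on this page is meant to catch.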

Troubleshooting Steps:

If you encounter any issues while enabling ELB application and classic load balancer logging, consider the following troubleshooting steps:

  1. Ensure that you have the necessary IAM permissions to enable logging and access the specified S3 bucket.
  2. Verify that the S3 bucket you selected exists and is accessible.
  3. Check your network connectivity to ensure there are no network restrictions preventing access to the S3 bucket.
  4. If the logging does not enable or the logs are not being generated, check the CloudWatch Logs for any error messages or failures.
  5. Review the AWS documentation and AWS forums for any known issues or troubleshooting tips specific to your situation.

Additional Information:

Enabling ELB application and classic load balancer logging provides valuable insights into your application's traffic patterns, helps in identifying and troubleshooting any underlying issues, and assists in complying with regulatory requirements such as NIST 800-53 Revision 5. The logs generated include information about client requests, backend server responses, errors, and other relevant details.

Logging should be enabled for all load balancers in your environment that are subject to NIST 800-53 Revision 5. Regularly review and analyze the logs to identify any abnormal or suspicious patterns and take appropriate actions to maintain the security and performance of your applications.
