
Rule: ELB Application and Classic Load Balancer Logging Enabled

This rule ensures that logging is enabled for ELB application and classic load balancers.

Rule: ELB application and classic load balancer logging should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

ELB (Elastic Load Balancer) logging is a crucial component for monitoring and analyzing the traffic and performance of your application or classic load balancer. Enabling logging helps to meet the compliance requirements of NIST 800-53 Revision 5, which focuses on the security and privacy of information systems.

Troubleshooting Steps:

If ELB logging is not yet enabled, or you encounter issues while setting it up, follow the troubleshooting steps below:

  1. Ensure that you have the necessary permissions to enable logging on your AWS account.
  2. Verify that your target bucket for storing the logs exists and has the appropriate permissions for ELB to write logs to it.
  3. Confirm that you have configured the logging settings correctly for the targeted load balancer.
  4. Check if there are any conflicts with other logging or monitoring services running on the same load balancer. Resolve any conflicts or disable conflicting services.
  5. Cross-check the CloudWatch logging configuration for the load balancer. Ensure it is properly set up and integrated with your ELB.
  6. If any issues persist, check the CloudTrail logs and ELB logs for error messages or other indications of the problem.

Necessary Codes:

To enable ELB logging from the command line, run the following command:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <LOAD_BALANCER_ARN> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<BUCKET_NAME> Key=access_logs.s3.prefix,Value=<OPTIONAL_LOG_PREFIX>

Replace <LOAD_BALANCER_ARN> with the ARN of your load balancer and <BUCKET_NAME> with the name of the S3 bucket where logs will be stored. Optionally, you can specify an <OPTIONAL_LOG_PREFIX> to differentiate the log file names.
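As an added example (not part of the original rule page), the following Python check evaluates the attributes that the command above sets. It assumes the JSON shape returned by `aws elbv2 describe-load-balancer-attributes` (Application Load Balancers, string key/value pairs) and by `aws elb describe-load-balancer-attributes` (Classic Load Balancers, nested AccessLog object); the sample documents are constructed inline.

```python
import json

# Constructed sample: shape of `aws elbv2 describe-load-balancer-attributes`
# output for an Application Load Balancer. Values are strings, not booleans.
ALB_ATTRIBUTES_JSON = """
{"Attributes": [
  {"Key": "access_logs.s3.enabled", "Value": "true"},
  {"Key": "access_logs.s3.bucket", "Value": "example-elb-logs"},
  {"Key": "access_logs.s3.prefix", "Value": "prod/alb"},
  {"Key": "deletion_protection.enabled", "Value": "false"}
]}
"""

# Constructed sample: shape of `aws elb describe-load-balancer-attributes`
# output for a Classic Load Balancer with access logging switched off.
CLB_ATTRIBUTES_JSON = """
{"LoadBalancerAttributes": {
  "AccessLog": {"Enabled": false},
  "CrossZoneLoadBalancing": {"Enabled": true}
}}
"""


def alb_logging_enabled(attributes_json):
    """Evaluate an ALB attribute list. Returns (compliant, detail)."""
    attrs = {a["Key"]: a["Value"] for a in json.loads(attributes_json)["Attributes"]}
    # The elbv2 API reports "true"/"false" as text, so compare strings.
    if attrs.get("access_logs.s3.enabled", "false").lower() != "true":
        return False, "access_logs.s3.enabled is not true"
    bucket = attrs.get("access_logs.s3.bucket", "")
    if not bucket:
        # Enabled without a bucket delivers nothing; still a finding.
        return False, "access logs enabled but no S3 bucket configured"
    prefix = attrs.get("access_logs.s3.prefix", "")
    return True, f"access logs delivered to s3://{bucket}/{prefix}"


def clb_logging_enabled(attributes_json):
    """Evaluate a Classic Load Balancer attribute document. Returns (compliant, detail)."""
    access_log = json.loads(attributes_json)["LoadBalancerAttributes"].get("AccessLog", {})
    if not access_log.get("Enabled", False):
        return False, "AccessLog.Enabled is false"
    bucket = access_log.get("S3BucketName", "")
    if not bucket:
        return False, "access log enabled but no S3BucketName configured"
    prefix = access_log.get("S3BucketPrefix", "")
    return True, f"access logs delivered to s3://{bucket}/{prefix}"


if __name__ == "__main__":
    print("ALB:", alb_logging_enabled(ALB_ATTRIBUTES_JSON))
    print("CLB:", clb_logging_enabled(CLB_ATTRIBUTES_JSON))
```

Feed the real output of the two describe commands into these functions to flag load balancers that fail this rule before the framework audit does.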

Step-by-Step Guide for Remediation:

Follow the step-by-step guide below to enable ELB logging and meet the NIST 800-53 Revision 5 compliance requirements:

  1. Log in to your AWS Management Console.
  2. Navigate to the EC2 service.
  3. Select "Load Balancers" from the left-hand menu.
  4. Choose the applicable Application Load Balancer or Classic Load Balancer.
  5. In the "Basic Configuration" or "Attributes" section, locate the "Access logs" or "Logging" settings.
  6. Click on the "Edit" or "Modify" button to make changes.
  7. Enable access log publishing by selecting the option to enable logging.
  8. Specify the target S3 bucket name to store the logs. Make sure the bucket exists and has the necessary permissions.
  9. If desired, add an optional log prefix to differentiate the log file names.
  10. Save the changes and verify that the logging configuration is successfully updated.
  11. Monitor the S3 bucket to ensure the log files are being written properly. Also, review the CloudWatch logs for any errors or warnings related to the ELB.
  12. Periodically review and analyze the logs to gain insights into your application's performance and troubleshoot issues if necessary.

By following the above steps, you will enable logging for your ELB, ensuring compliance with NIST 800-53 Revision 5 requirements.
