Rule: ELB Application and Classic Load Balancer Logging Enabled

This rule highlights the importance of enabling logging for ELB application and classic load balancers.

Rule: ELB application and classic load balancer logging should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description: ELB Application and Classic Load Balancer Logging for NIST 800-53 Revision 5

To comply with NIST 800-53 Revision 5, logging must be enabled for Elastic Load Balancer (ELB) Application and Classic Load Balancer (CLB). Logging provides valuable insight into the health and performance of your load balancers and helps with security monitoring and troubleshooting. This rule ensures that logging is enabled for ELB Application and CLB.

Troubleshooting Steps:

  1. Verify ELB Logging Configuration:

    • Check if the logging feature is enabled for your ELB Application and CLB.
    • Ensure that the logging settings are properly configured and match the compliance requirements.
  2. Check Log Bucket Permissions:

    • Verify that the destination bucket where the logs are stored has the necessary permissions.
    • Ensure that the bucket is not publicly accessible and has proper ACLs and policies set.
  3. Review Log Retention Settings:

    • Confirm that the log retention period is appropriately configured.
    • Ensure that logs are retained for the required duration as per compliance requirements.

Necessary Codes:

No specific code is required to comply with this rule. However, you may need to use command-line interface (CLI) commands to verify and configure the logging settings for ELB Application and CLB.
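The first two troubleshooting checks can be scripted against AWS CLI output. The following is an added example, not part of the original page: it evaluates the JSON returned by the AWS CLI commands named in its comments. The sample responses, the bucket name example-elb-logs and the function names are constructed for illustration.

```python
import json

# Constructed sample of: aws elbv2 describe-load-balancer-attributes --load-balancer-arn <arn>
ALB_SAMPLE = json.loads("""{"Attributes": [
  {"Key": "access_logs.s3.enabled", "Value": "true"},
  {"Key": "access_logs.s3.bucket", "Value": "example-elb-logs"},
  {"Key": "access_logs.s3.prefix", "Value": "alb"}]}""")

# Constructed sample of: aws elb describe-load-balancer-attributes --load-balancer-name <name>
CLB_SAMPLE = json.loads('{"LoadBalancerAttributes": {"AccessLog": {"Enabled": false}}}')

# Constructed sample of: aws s3api get-public-access-block --bucket <bucket>
PAB_SAMPLE = json.loads("""{"PublicAccessBlockConfiguration": {
  "BlockPublicAcls": true, "IgnorePublicAcls": true,
  "BlockPublicPolicy": true, "RestrictPublicBuckets": false}}""")


def alb_findings(resp):
    """Problems found in an Application Load Balancer's attributes."""
    attrs = {a["Key"]: a["Value"] for a in resp.get("Attributes", [])}
    if attrs.get("access_logs.s3.enabled", "false").lower() != "true":
        return ["access logging disabled"]
    if not attrs.get("access_logs.s3.bucket"):
        return ["logging enabled but no S3 bucket set"]
    return []


def clb_findings(resp):
    """Problems found in a Classic Load Balancer's attributes."""
    log = resp.get("LoadBalancerAttributes", {}).get("AccessLog", {})
    if not log.get("Enabled", False):
        return ["access logging disabled"]
    if not log.get("S3BucketName"):
        return ["logging enabled but no S3 bucket set"]
    return []


def bucket_findings(resp):
    """Public access block settings that are missing or off on the log bucket."""
    cfg = resp.get("PublicAccessBlockConfiguration", {})
    required = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
    return [f"{k} is not enabled" for k in required if not cfg.get(k, False)]


if __name__ == "__main__":
    for name, result in (("ALB", alb_findings(ALB_SAMPLE)),
                         ("CLB", clb_findings(CLB_SAMPLE)),
                         ("log bucket", bucket_findings(PAB_SAMPLE))):
        print(name, "->", result or "compliant")
```

If the log bucket has no public access block configured, the CLI returns an error instead of JSON; passing an empty dict to bucket_findings reports all four settings as not enabled.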

Step-by-Step Guide for Remediation:

  1. Enable Logging for ELB Application:

    • Open the AWS Management Console.
    • Go to the EC2 service and select "Load Balancers" from the sidebar.
    • Choose the ELB Application Load Balancer that needs logging enabled.
    • Click on the "Listeners" tab.
    • Select the listener for which you want to enable logging.
    • Scroll down to the "Access logs" section and click on "View/edit access logs".
    • Enable access logs by selecting the checkbox and specify the S3 bucket and log prefix where logs will be stored.
    • Choose the desired log format and click on "Save".
  2. Enable Logging for Classic Load Balancer (CLB):

    • Open the AWS Management Console.
    • Go to the EC2 service and select "Load Balancers" from the sidebar.
    • Choose the Classic Load Balancer that needs logging enabled.
    • In the "Description" tab, click on the "Edit" button next to "Access logs".
    • Enable access logs by selecting the checkbox and specify the S3 bucket and log prefix where logs will be stored.
    • Choose the desired log format and click on "Save".
  3. Verify and Review Logging Configuration:

    • Check the ELB Application and CLB configuration to ensure that logging is enabled.
    • Verify that the logs are being sent to the specified S3 bucket.
    • Validate the log retention settings and confirm that logs are retained for the required duration.

By following these steps, you can enable logging for ELB Application and Classic Load Balancer, and ensure compliance with NIST 800-53 Revision 5.
