Enable ELB Application and Classic load balancer logging Rule

This rule ensures logging is enabled for ELB Application and Classic load balancers.

Rule: ELB application and classic load balancer logging should be enabled
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Enable ELB Load Balancer Logging for NIST Cybersecurity Framework (CSF) v1

Description:

Enabling logging for ELB (Elastic Load Balancer) plays a vital role in adhering to the NIST Cybersecurity Framework (CSF) v1. By enabling this feature, you ensure that necessary logs containing valuable information about client requests and responses are recorded. These logs are essential for security analysis, monitoring, and auditing purposes.

Troubleshooting Steps (if applicable):

  1. Check if you have the necessary permissions to modify the ELB settings.
  2. Make sure that your ELB is active and receiving traffic.
  3. Verify if logging is already enabled or disabled for your ELB.

Necessary Codes (if applicable):

  • AWS CLI command to enable logging for ELB Application Load Balancer:
    aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=<s3_bucket_name> Key=access_logs.s3.prefix,Value=<s3_bucket_prefix>
  • AWS CLI command to enable logging for Classic Load Balancer:
    aws elb modify-load-balancer-attributes --load-balancer-name <load_balancer_name> --load-balancer-attributes "AccessLog={Enabled=true,S3BucketName=<s3_bucket_name>,S3BucketPrefix=<s3_bucket_prefix>}"

Step-by-Step Guide for Remediation:

  1. Log in to your AWS Management Console.

  2. Go to the EC2 Dashboard and select the Load Balancers tab.

  3. Identify the Load Balancer (Application or Classic) for which you want to enable logging.

  4. For Application Load Balancer:

    • Click on the Load Balancer you identified.
    • In the Load Balancer details, go to the "Description" tab.
    • Note down the Load Balancer ARN.

    For Classic Load Balancer:

    • Note down the Load Balancer name.

  5. Open a terminal where the AWS CLI is installed and configured.

  6. Run the command for your Load Balancer type as listed above, replacing the placeholders ("<load_balancer_arn>", "<load_balancer_name>", "<s3_bucket_name>", "<s3_bucket_prefix>") with the appropriate values.

    For example, for an Application Load Balancer, the command would look like:

    aws elbv2 modify-load-balancer-attributes --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188 --attributes Key=access_logs.s3.enabled,Value=true Key=access_logs.s3.bucket,Value=my-logs-bucket Key=access_logs.s3.prefix,Value=mylogs-prefix

    And for a Classic Load Balancer, the command would look like:

    aws elb modify-load-balancer-attributes --load-balancer-name my-load-balancer --load-balancer-attributes "AccessLog={Enabled=true,S3BucketName=my-logs-bucket,S3BucketPrefix=mylogs-prefix}"

  7. Execute the command and wait for it to complete successfully.

  8. Verify the updated settings by going back to the Load Balancer details page and checking the logging status.

  9. Repeat the process for any other relevant Load Balancers to ensure compliance with NIST CSF v1.

Note: Ensure that you have an S3 bucket created for storing the ELB logs. Adjust the bucket name and prefix values according to your environment.

By following these steps, you will successfully enable ELB application and classic load balancer logging, aligning with the requirements of the NIST Cybersecurity Framework (CSF) v1.
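
The verification in steps 8 and 9 can also be done from the CLI for every Application and Classic load balancer in a region at once. The script below is an added example, not Cloud Defense's own code; it assumes the AWS CLI is configured with a default region and read access to the ELB APIs, and the function names and the RUN_AUDIT variable are made up for this example.

```shell
#!/bin/sh
# Added example: audit access logging on Application and Classic load balancers.
# Assumes the caller's default AWS CLI region and credentials.
# An empty or failed lookup is treated as "not enabled" (fails closed).

# Print "true" or "false" for one Application Load Balancer ARN.
alb_logging_enabled() {
  aws elbv2 describe-load-balancer-attributes --load-balancer-arn "$1" \
    --query "Attributes[?Key=='access_logs.s3.enabled'].Value" \
    --output text | tr 'A-Z' 'a-z'
}

# Print "true" or "false" for one Classic Load Balancer name.
# The CLI renders this boolean as True/False in text output, hence the tr.
clb_logging_enabled() {
  aws elb describe-load-balancer-attributes --load-balancer-name "$1" \
    --query 'LoadBalancerAttributes.AccessLog.Enabled' \
    --output text | tr 'A-Z' 'a-z'
}

# Walk every ALB and CLB in the region and print one line per load balancer
# that has no access logging. Returns 1 if any are non-compliant, else 0.
audit_elb_logging() {
  failed=0
  for arn in $(aws elbv2 describe-load-balancers \
      --query 'LoadBalancers[?Type==`application`].LoadBalancerArn' \
      --output text); do
    if [ "$(alb_logging_enabled "$arn")" != "true" ]; then
      echo "NONCOMPLIANT application $arn"
      failed=1
    fi
  done
  for name in $(aws elb describe-load-balancers \
      --query 'LoadBalancerDescriptions[].LoadBalancerName' \
      --output text); do
    if [ "$(clb_logging_enabled "$name")" != "true" ]; then
      echo "NONCOMPLIANT classic $name"
      failed=1
    fi
  done
  return "$failed"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${RUN_AUDIT:-0}" = "1" ]; then
  audit_elb_logging
fi
```

Run it with `RUN_AUDIT=1 sh audit.sh` (file name is arbitrary); a non-zero exit status means at least one load balancer still needs the remediation above.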
