ELB Accepts HTTPS connections Only
ELB should be configured to block HTTP connection and allow only HTTPS connections.
Addresses: Security
Additional Reading:
Your number of Elastic Load Balancers can grow pretty fast - and so could be your painpoints.
ELB should be configured to block HTTP connection and allow only HTTPS connections.
Addresses: Security
Additional Reading:
Load balancers must have request logging enabled. Logging requests to ELB endpoints is a helpful way of detecting and investigating potential attacks.
Addresses: Security, Operational Maturity
Additional Reading:
Enable WAF so that this firewall will prevent malicious attackers to intrude into your system.
Addresses: Security
Check for insecure ciphers on ELBs. Various security vulnerabilities have rendered several ciphers insecure. Only the recommended ciphers should be used.
Addresses: Security
Additional Reading:
Deletion Protection flag should be enabled in order to prevent accidental deletions.
Addresses: Reliability, Operational Maturity
Additional Reading:
ELBv2 load balancers shall use only the secure listeners. A listener is a process that checks for connection requests, using the protocol and port that you configure.
Addresses: Security
Additional Reading:
For higher availability and reliability, ELBs shall work with cross zone nodes.
Addresses: Reliability
Additional Reading:
Addresses: Security
Configure minimum number of instances available for your Load Balancer to improve the reliability.
Addresses: Reliability
Classic ELB is not recommended to be used. AWS has deprecated it and wants them to move to the alternatives.
Addresses: Security, Operational Maturity, Reliability
Additional Reading:
Ensure that your app-tier Elastic Load Balancer (ELB) listeners are using the HTTPS/SSL protocol to encrypt the communication between your application clients and the load balancer.
Addresses: Security
Ensure that your app-tier Elastic Load Balancers (ELBs) listeners are using the latest AWS security policy for their SSL negotiation configuration
Addresses: Security
Improve the reliability of the applications behind your app-tier ELBs by using the appropriate health check configuration.
Addresses: Reliability
Elastic Load Balancer will not send any new requests to the unhealthy instance if an EC2 backend instance fails health checks
Addresses: Reliability
Ensure that the EC2 instances registered to your Amazon Elastic Load Balancing (ELB) are evenly distributed across all Availability Zones (AZs) in order to improve the ELBs configuration reliability
Addresses: Reliability
Check Elastic Load Balancer (ELB) security layer for at least one valid security group that restrict access only to the ports defined in the load balancer listeners configuration
Addresses: Security
Ensure that Elastic Load Balancers are using the latest AWS predefined security policies
Addresses: Security
Identify any Amazon ELBs that appear to be idle and terminate them to help lower the cost of your monthly AWS bill
Addresses: Cost Optimisation
Ensure that all Amazon internet-facing load balancers (Classic Load Balancers and Application Load Balancers) provisioned within your AWS account are regularly reviewed for security purposes.
Addresses: Security
Identify unused Elastic Load Balancers, and delete them to help lower the cost of your monthly AWS bill.
Addresses: Cost Optimisation
Ensure that your web-tier Elastic Load Balancer (ELB) listeners are using the HTTPS/SSL protocol to encrypt the communication between your application clients and the load balancer.
Addresses: Security
Ensure that your web-tier Elastic Load Balancers (ELBs) listeners are using the latest AWS security policy for their SSL negotiation configuration
Addresses: Security
Improve the reliability of the applications behind your web-tier ELBs by using the appropriate health check configuration.
Addresses: Reliability
Check your Elastic Load Balancers (ELBs) listeners for insecure configurations. Use only HTTPS or SSL to encrypt the communication between the client and your load balancers.
Addresses: Security
Check your Application Load Balancers (ALBs) listeners for insecure configurations.
Addresses: Security
Ensure that your Amazon ALBs are using the latest predefined security policy for their SSL negotiation configuration in order to follow security best practices and protect their front-end connections against SSL/TLS vulnerabilities.
Addresses: Security
Ensure that your Amazon Network Load Balancers (NLBs) are configured to terminate TLS traffic in order to optimize the performance of the backend servers.
Addresses: Security
Ensure that your Amazon Network Load Balancers (NLBs) are using the latest recommended predefined security policy for TLS negotiation configuration in order to protect their front-end connections against TLS vulnerabilities and meet security requirements
Addresses: Security
If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.