5.2 Ensure AWS Elastic Load Balancer logging is enabled


Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the a VPC. It enables you to achieve greater levels of fault tolerance in your applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic.
AWS Elastic Load Balancers (ELBs) can record all incoming request sent to the load balancer and store within logs stored on S3. This allows for diagnosing application failures and analyzing web traffic and security analysis of incoming traffic.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Using the Amazon unified CLI:

* Create a JSON file containing the attributes you want to modify and save it locally as /tmp/ElbLogs.json:

"AccessLog": {
"Enabled": true,
"S3BucketName": "string",
"EmitInterval": integer,
"S3BucketPrefix": "string"

* Update the Load Balancer attributes:

aws elb modify-load-balancer-attributes --load-balancer-name _<elb_name>_ --load-balancer-attributes file:///tmp/ElbLogs.json

See Also


Item Details


References: 800-53|AU-12c.

Plugin: amazon_aws

Control ID: c30b903ac9859f0f658584c4481ebcc1a1cde2aec84a957cad372ab5f665eb47