Ensure AWS ELB has one listener configured to listen for HTTPS traffic

LOW

Description

The AWS ELB does not have any HTTPS listener enabled for external traffic, so client traffic reaches the load balancer in plaintext. Data in transit may be exposed to man-in-the-middle (MITM) attacks.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the Load Balancer Console.
  2. Choose the load balancer to edit and, in the Actions drop-down, select Edit Listener.
  3. Set the Load Balancer Protocol to HTTPS.
  4. Select Change under SSL Certificate and either enter the certificate details or choose an existing certificate from ACM or IAM.
  5. Select Save.

In Terraform -

  1. In the aws_elb resource, set the listener.protocol to https.
  2. Set the ssl_certificate_id to the ARN of the certificate to be used.
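As an added example (not part of this policy page or its tooling), a Python check that applies this rule to classic ELB listener data shaped like the DescribeLoadBalancers API response. It goes slightly beyond the rule text: an SSL listener is also accepted as TLS-terminating, and an HTTPS/SSL listener with no SSLCertificateId is flagged. The load balancer names and certificate ARN are constructed sample values.

```python
"""Detection for AC_AWS_0120: classic ELBs with no TLS-terminating listener."""
from typing import Dict, List, Tuple

# Front-end protocols on a classic ELB that terminate TLS for client traffic.
TLS_PROTOCOLS = {"HTTPS", "SSL"}


def tls_listeners(lb: Dict) -> List[Dict]:
    """Return the front-end listeners of ``lb`` that use HTTPS or SSL."""
    return [
        ld["Listener"]
        for ld in lb.get("ListenerDescriptions", [])
        if ld.get("Listener", {}).get("Protocol", "").upper() in TLS_PROTOCOLS
    ]


def evaluate(lb: Dict) -> Tuple[bool, str]:
    """Evaluate one load balancer; returns (compliant, reason)."""
    secure = tls_listeners(lb)
    if not secure:
        return False, "no HTTPS/SSL listener; client traffic is plaintext"
    if any(not listener.get("SSLCertificateId") for listener in secure):
        return False, "TLS listener without an SSLCertificateId"
    return True, "ok"


def find_noncompliant(lbs: List[Dict]) -> List[str]:
    """Names of load balancers in ``lbs`` that violate the rule."""
    return [lb["LoadBalancerName"] for lb in lbs if not evaluate(lb)[0]]


# Constructed sample shaped like a DescribeLoadBalancers response; not real data.
SAMPLE = [
    {"LoadBalancerName": "web-http-only",
     "ListenerDescriptions": [
         {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                       "InstanceProtocol": "HTTP", "InstancePort": 80}}]},
    {"LoadBalancerName": "web-https",
     "ListenerDescriptions": [
         {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                       "InstanceProtocol": "HTTP", "InstancePort": 80}},
         {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                       "InstanceProtocol": "HTTP", "InstancePort": 80,
                       "SSLCertificateId": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}}]},
    {"LoadBalancerName": "no-listeners", "ListenerDescriptions": []},
]

if __name__ == "__main__":
    for lb in SAMPLE:
        ok, reason = evaluate(lb)
        print(f"{lb['LoadBalancerName']}: {'PASS' if ok else 'FAIL'} ({reason})")
```

Against live data, replace SAMPLE with the LoadBalancerDescriptions list returned by the classic ELB DescribeLoadBalancers call.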

References:
https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/data-protection.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elb#lb_protocol

Policy Details

Rule Reference ID: AC_AWS_0120
CSP: AWS
Remediation Available: Yes
Resource: aws_elb
Resource Category: Virtual Network

Frameworks