Ensure access logging is enabled for AWS ELB

MEDIUM

Description

AWS ELB has access logging disabled which may lead to unmonitored logins and activities.

Remediation

In AWS Console -

Sign in to the AWS Console and open the Load Balancer Console.
Choose the load balancer to edit and in the Actions drop down select Edit load balancer attributes.
Under Attributes, select Configure access logs.
Check the Enable access logs box and provide an interval and S3 location.
Select Save.

In Terraform -

In the aws_elb resource, set the access_logs.enabled field to true.
Provide an interval and bucket (S3 location).

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elb#access_logs

Policy Details

Rule Reference ID: AC_AWS_0123

CSP: AWS

Remediation Available: Yes

Domain: Logging and Monitoring

Resource: aws_elb

Resource Category: Virtual Network

Resource Type: Elastic Load Balancer (ELB)

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
CCM
ISO-27001
SOC2