Ensure one HTTPS listener is configured for AWS Load Balancer

HIGH

Description

Not configuring the AWS load balancer with at least one HTTPS listener could impact the confidentiality of data in transit, since a listener that terminates plain HTTP accepts and serves client traffic unencrypted.

Remediation

In the AWS Console:

  1. Sign in to the AWS Console and open the Load Balancer Console.
  2. Choose the load balancer to edit and in the Actions drop down select Edit Listener.
  3. Set the Load Balancer Protocol to HTTPS.
  4. Select Change under the SSL Certificate and either enter the certificate details or choose one from ACM/IAM.
  5. Select Save.

In Terraform:

  1. In the aws_lb_listener resource, set the protocol to https.
  2. Set the certificate_arn to the ARN of the certificate to be used.
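The two Terraform steps above, shown as a complete example. This is an added illustration, not configuration from the rule page or from the Terraform AWS provider documentation: the non-compliant HTTP-only listener that this rule flags is placed beside the HTTPS listener that satisfies it, plus an optional port-80 listener that only redirects to HTTPS. The `aws_lb.example`, `aws_lb_target_group.example` and `aws_acm_certificate.example` references are assumed resources defined elsewhere in the configuration. Note that the provider validates `protocol` case-sensitively, so the value is written `"HTTPS"`.

```hcl
# Added example; not from the rule page or the AWS provider docs.
# aws_lb.example, aws_lb_target_group.example and aws_acm_certificate.example
# are assumed to exist elsewhere in the configuration.

# Non-compliant: the only listener terminates plain HTTP, so traffic between
# clients and the load balancer is unencrypted. Shown for contrast only; it
# would be replaced by the "https" and "http_redirect" listeners below (two
# listeners cannot share port 80 on the same load balancer).
resource "aws_lb_listener" "http_only" {
  load_balancer_arn = aws_lb.example.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.example.arn
  }
}

# Compliant: an HTTPS listener (step 1) with the certificate ARN set (step 2).
# ssl_policy pins a current TLS security policy rather than the provider default.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.example.arn
  port              = 443
  protocol          = "HTTPS" # upper case; the provider rejects "https"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate.example.arn # ACM certificate; an IAM server certificate ARN also works

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.example.arn
  }
}

# Optional: keep port 80 open only to redirect clients to HTTPS, so no
# application traffic is served in clear text.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.example.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

Running `terraform validate` catches the case error in `protocol` before a plan is attempted; the rule itself is satisfied once at least one `aws_lb_listener` for the load balancer has `protocol = "HTTPS"` with a `certificate_arn`, which is what the `https` resource above provides.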

References:
https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/data-protection.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener

Policy Details

Rule Reference ID: AC_AWS_0454
CSP: AWS
Remediation Available: Yes
Resource: aws_lb_listener
Resource Category: Virtual Network
Resource Type: Load Balancer

Frameworks