Ensure deletion protection is enabled for AWS LB (Load Balancer)

MEDIUM

Description

The AWS Classic load balancer has deletion protection disabled, which may lead to accidental deletion of the load balancer.

Remediation

In AWS Console -

  1. Sign in to AWS Console and open EC2 console.
  2. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
  3. Select your load balancer and choose Edit load balancer attributes under Actions.
  4. Under Configuration, enable Delete protection.
  5. Select Save.

In Terraform -

  1. In the aws_lb resource, set the enable_deletion_protection field to true.
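As an added example (not part of the original policy text), the flagged and remediated forms of an aws_lb resource side by side; the subnet variable, security group and names are placeholders:

```hcl
# Non-compliant: enable_deletion_protection defaults to false when omitted,
# so a `terraform destroy` or a console/API delete removes the load balancer.
resource "aws_lb" "app_noncompliant" {
  name               = "app-lb-noncompliant"        # constructed example name
  load_balancer_type = "application"
  subnets            = var.public_subnet_ids         # assumed variable
  security_groups    = [aws_security_group.lb.id]    # assumed resource
}

# Compliant: deletion protection is an attribute enforced on the AWS side,
# so delete requests are rejected until the attribute is turned off again.
resource "aws_lb" "app" {
  name                       = "app-lb"             # constructed example name
  load_balancer_type         = "application"
  subnets                    = var.public_subnet_ids
  security_groups            = [aws_security_group.lb.id]
  enable_deletion_protection = true

  # Optional Terraform-side guard: a plan that would destroy this resource
  # fails instead of being applied. It complements the AWS attribute above;
  # it does not replace it, since it only affects Terraform runs.
  lifecycle {
    prevent_destroy = true
  }
}
```

Enabling the attribute on an existing load balancer is an in-place update, so applying the change does not recreate the resource.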

References:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#deletion-protection
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb#enable_cross_zone_load_balancing

Policy Details

Rule Reference ID: AC_AWS_0440
CSP: AWS
Remediation Available: Yes
Resource: aws_lb
Resource Category: Virtual Network
Resource Type: Load Balancer

Frameworks