Classic Load Balancers with SSL/HTTPS listeners should use a certificate issued by AWS Certificate Manager

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control ensures that the Classic Load Balancer leverages HTTPS/SSL certificates issued by AWS Certificate Manager (ACM). The control fails if a Classic Load Balancer is configured to use an HTTPS/SSL listener but does not use an ACM-provided certificate. You can create a certificate either through ACM itself or by using a tool that supports the SSL and TLS protocols, such as OpenSSL. Security Hub recommends using ACM to generate or import certificates for your load balancer. ACM integrates seamlessly with Classic Load Balancers, allowing you to deploy the certificate directly onto your load balancer. Additionally, it is advisable to enable automatic renewal for these certificates.

Remediation

For details on associating an ACM SSL/TLS certificate with a Classic Load Balancer, refer to the AWS Knowledge Center article How can I associate an ACM SSL/TLS certificate with a Classic, Application, or Network Load Balancer?