ELB listener is securely configured

elb

Classification:

compliance

Description

Use a secure protocol to encrypt communication between the client and your Elastic Load Balancers (ELBs).

Rationale

Insecure communication channels increase the risk of attacks, such as man-in-the-middle attacks, and sensitive data breaches.

Remediation

Console

Follow the Add an HTTP listener docs to learn how to create an HTTP listener in the AWS Console.

CLI

  1. Run aws iam list-server-certificates to return the SSL certificate ARN with AWS IAM.

  2. Run create-load-balancer-listeners to create a new HTTPS listener for the selected load balancer using the SSL certificates returned in step 1.

    create-load-balancer-listeners.sh

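        # Add an HTTPS listener on port 443 that uses the certificate ARN from step 1.
        # The --listeners shorthand must not contain spaces after the commas.
        aws elb create-load-balancer-listeners \
            --load-balancer-name YourLoadBalancerName \
            --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=arn:aws:iam::123456789123:server-certificate/YourSSLCertificate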
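
To find which listeners still need this remediation, the following added example (not part of the original rule page or the vendor's own rule logic) parses the JSON returned by `aws elb describe-load-balancers` and reports every Classic ELB listener whose front-end protocol is not encrypted. It assumes the rule is satisfied by the HTTPS and SSL front-end protocols; the sample data and the function name `insecure_listeners` are constructed for illustration.

```python
import json

# Assumption: the Classic ELB front-end protocols that encrypt client traffic.
# HTTP and TCP listeners carry client traffic in plaintext.
ENCRYPTED_PROTOCOLS = {"HTTPS", "SSL"}

# Constructed sample in the shape of `aws elb describe-load-balancers` output.
SAMPLE = json.dumps({
    "LoadBalancerDescriptions": [
        {"LoadBalancerName": "web-legacy", "ListenerDescriptions": [
            {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                          "InstanceProtocol": "HTTP", "InstancePort": 80}},
            {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                          "InstanceProtocol": "HTTP", "InstancePort": 80,
                          "SSLCertificateId": "arn:aws:iam::111122223333:server-certificate/example-cert"}},
        ]},
        {"LoadBalancerName": "tcp-passthrough", "ListenerDescriptions": [
            {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                          "InstanceProtocol": "TCP", "InstancePort": 443}},
        ]},
        {"LoadBalancerName": "mail-relay", "ListenerDescriptions": [
            {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 465,
                          "InstanceProtocol": "TCP", "InstancePort": 25,
                          "SSLCertificateId": "arn:aws:iam::111122223333:server-certificate/example-cert"}},
        ]},
    ]
})


def insecure_listeners(describe_output):
    """Return (load balancer name, protocol, port) for each plaintext listener."""
    findings = []
    data = json.loads(describe_output)
    for lb in data.get("LoadBalancerDescriptions", []):
        for desc in lb.get("ListenerDescriptions", []):
            listener = desc.get("Listener", {})
            protocol = str(listener.get("Protocol", "")).upper()
            if protocol not in ENCRYPTED_PROTOCOLS:
                findings.append((lb.get("LoadBalancerName"), protocol,
                                 listener.get("LoadBalancerPort")))
    return findings


if __name__ == "__main__":
    for name, protocol, port in insecure_listeners(SAMPLE):
        print(f"{name}: {protocol} listener on port {port} is not encrypted")
```

To run it against a real account, pass the output of `aws elb describe-load-balancers --output json` to `insecure_listeners` in place of `SAMPLE`.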