Classic Load Balancers with SSL/HTTPS listeners should use a certificate issued by AWS Certificate Manager

Description

This control ensures that the Classic Load Balancer leverages HTTPS/SSL certificates issued by AWS Certificate Manager (ACM). The control fails if a Classic Load Balancer is configured to use an HTTPS/SSL listener but does not use an ACM-provided certificate. You can create a certificate either through ACM itself or by using a tool that supports the SSL and TLS protocols, such as OpenSSL. Security Hub recommends using ACM to generate or import certificates for your load balancer. ACM integrates seamlessly with Classic Load Balancers, allowing you to deploy the certificate directly onto your load balancer. Additionally, it is advisable to enable automatic renewal for these certificates.
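The pass/fail logic described above can be reproduced against the response of the Classic ELB `DescribeLoadBalancers` call. The following is an added example, not Security Hub's own implementation or code from this page: the sample data is constructed, and the helper names and the `NOT_APPLICABLE` status label are assumptions made for illustration.

```python
# Constructed sample in the shape of `aws elb describe-load-balancers` output.
# Account ID, load balancer names and certificate IDs are placeholders.
ACM = "arn:aws:acm:us-east-1:111122223333:certificate/00000000-0000-0000-0000-000000000000"
IAM = "arn:aws:iam::111122223333:server-certificate/legacy-cert"

def _lb(name, *listeners):
    """Build one LoadBalancerDescription from (protocol, port, cert_arn) tuples."""
    return {"LoadBalancerName": name, "ListenerDescriptions": [
        {"Listener": dict(Protocol=p, LoadBalancerPort=port,
                          **({"SSLCertificateId": c} if c else {}))}
        for p, port, c in listeners]}

SAMPLE = {"LoadBalancerDescriptions": [
    _lb("web-acm", ("HTTPS", 443, ACM), ("HTTP", 80, None)),
    _lb("legacy-mixed", ("HTTPS", 443, IAM), ("SSL", 8443, ACM)),
    _lb("plain-http", ("HTTP", 80, None)),
]}

TLS_PROTOCOLS = {"HTTPS", "SSL"}

def arn_service(arn):
    """Return the service field of an ARN (arn:partition:service:...), else None."""
    parts = (arn or "").split(":", 5)
    return parts[2] if len(parts) == 6 and parts[0] == "arn" else None

def evaluate(response):
    """Map each load balancer name to (status, ports whose certificate is not from ACM)."""
    results = {}
    for lb in response.get("LoadBalancerDescriptions", []):
        tls_ports, bad_ports = [], []
        for desc in lb.get("ListenerDescriptions", []):
            listener = desc["Listener"]
            if listener.get("Protocol", "").upper() not in TLS_PROTOCOLS:
                continue  # HTTP/TCP listeners are outside the control's scope
            tls_ports.append(listener["LoadBalancerPort"])
            # Parse the ARN rather than prefix-matching so other partitions
            # (aws-cn, aws-us-gov) are treated the same way.
            if arn_service(listener.get("SSLCertificateId")) != "acm":
                bad_ports.append(listener["LoadBalancerPort"])
        if not tls_ports:
            status = "NOT_APPLICABLE"
        else:
            status = "FAILED" if bad_ports else "PASSED"
        results[lb["LoadBalancerName"]] = (status, bad_ports)
    return results

if __name__ == "__main__":
    for name, (status, ports) in evaluate(SAMPLE).items():
        print(f"{name}: {status} {ports or ''}")
```

A load balancer with several HTTPS/SSL listeners fails if any one of them references a certificate outside ACM, which is why the function reports the offending ports rather than only a status.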

Remediation

For details on associating an ACM SSL/TLS certificate with a Classic Load Balancer, refer to the AWS Knowledge Center article "How can I associate an ACM SSL/TLS certificate with a Classic, Application, or Network Load Balancer?"