Benchmark: ELB
Overview
This section contains recommendations for configuring Elastic Load Balancer resources and options.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select ELB.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.foundational_security_elb
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.foundational_security_elb --share
Controls
- 1 Application Load Balancer should be configured to redirect all HTTP requests to HTTPS
- 2 Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager
- 3 Classic Load Balancer listeners should be configured with HTTPS or TLS termination
- 4 Application load balancers should be configured to drop HTTP headers
- 5 Application and Classic Load Balancers logging should be enabled
- 6 Application Load Balancer deletion protection should be enabled
- 7 Classic Load Balancers should have connection draining enabled
- 9 Classic Load Balancers should have cross-zone load balancing enabled
- 10 Classic Load Balancers should span multiple Availability Zones
- 12 Application Load Balancers should be configured with defensive or strictest desync mitigation mode
- 13 Application, Network, and Gateway Load Balancers should span multiple Availability Zones
- 14 Classic Load Balancers should be configured with defensive or strictest desync mitigation mode