v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 6.4 Ensure that HTTPS is enabled on load balancer

Description

The simplest way to use HTTPS with an Elastic Beanstalk environment is to assign a server certificate to your environment's load balancer.

When you configure your load balancer to terminate HTTPS, the connection between the client and the load balancer is secure.

Remediation

From the Console:

  1. Login to AWS Console using https://console.aws.amazon.com/elasticbeanstalk.
  2. On the left hand side click Environments.
  3. Click on the Environment name that you want to review.
  4. Under the "environment_name-env" in the left column click Configuration.
  5. Scroll down under Configurations.
  6. Under category look for Load balancer.
  7. Click Edit.
  8. Under the Listeners section.
  9. Click Add listener.
Set listener port
Set Listener protocol to HTTPS
Set Instance Port
Sent Instance protocol to HTTPS
Select your SSL certificate
  1. Click Add.
  2. Make sure it is listed as enabled. If you have other listeners not using HTTPS make sure to turn off enabled.
  3. Click Apply to save the configuration changes.
  4. Repeat steps 3-12 for each environment within the current region.
  5. Then repeat the remediation for all other regions.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_6_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_6_4 --share

SQL

This control uses a named query:

manual_control

Tags

category = Compliance
cis = true
cis_item_id = 6.4
cis_level = 1
cis_section_id = 6
cis_type = manual
cis_version = v1.0.0
plugin = aws
service = AWS/ElasticBeanstalk