
Control: 6.4 Ensure that HTTPS is enabled on load balancer


The simplest way to use HTTPS with an Elastic Beanstalk environment is to assign a server certificate to your environment's load balancer.

When you configure your load balancer to terminate HTTPS, the connection between the client and the load balancer is secure.


From the Console:

  1. Login to AWS Console using https://console.aws.amazon.com/elasticbeanstalk.
  2. On the left hand side click Environments.
  3. Click on the Environment name that you want to review.
  4. Under the "environment_name-env" in the left column click Configuration.
  5. Scroll down under Configurations.
  6. Under category look for Load balancer.
  7. Click Edit.
  8. Under the Listeners section.
  9. Click Add listener.
Set listener port
Set Listener protocol to HTTPS
Set Instance Port
Sent Instance protocol to HTTPS
Select your SSL certificate
  1. Click Add.
  2. Make sure it is listed as enabled. If you have other listeners not using HTTPS make sure to turn off enabled.
  3. Click Apply to save the configuration changes.
  4. Repeat steps 3-12 for each environment within the current region.
  5. Then repeat the remediation for all other regions.


Run the control in your terminal:

powerpipe control run aws_compliance.control.cis_compute_service_v100_6_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cis_compute_service_v100_6_4 --share


This control uses a named query:

'arn:' || partition || ':::' || account_id as resource,
'info' as status,
'Manual verification required.' as reason
, account_id
