Control: 6.4 Ensure that HTTPS is enabled on load balancer
Description
The simplest way to use HTTPS with an Elastic Beanstalk environment is to assign a server certificate to your environment's load balancer.
When you configure your load balancer to terminate HTTPS, the connection between the client and the load balancer is secure.
Remediation
From the Console:
1. Login to AWS Console using https://console.aws.amazon.com/elasticbeanstalk.
2. On the left hand side click Environments.
3. Click on the Environment name that you want to review.
4. Under the "environment_name-env" in the left column click Configuration.
5. Scroll down under Configurations.
6. Under category look for Load balancer.
7. Click Edit.
8. Under the Listeners section.
9. Click Add listener.
   - Set listener port
   - Set Listener protocol to HTTPS
   - Set Instance Port
   - Set Instance protocol to HTTPS
   - Select your SSL certificate
10. Click Add.
11. Make sure it is listed as enabled. If you have other listeners not using HTTPS make sure to turn off enabled.
12. Click Apply to save the configuration changes.
13. Repeat steps 3-12 for each environment within the current region.
14. Then repeat the remediation for all other regions.
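The listener settings from the remediation steps can also be checked from an environment's option settings. The following is an added example, not part of the control or of Powerpipe: it assumes a Classic Load Balancer (the `aws:elb:listener` option namespace), treats unset options as "enabled" and "HTTP", and uses hypothetical function names and constructed sample data.

```python
PREFIX = "aws:elb:listener"  # Classic Load Balancer listener namespace
# Constructed sample OptionSettings (not real account data).
SAMPLE_OPEN = [
    {"Namespace": "aws:elb:listener:80", "OptionName": "ListenerProtocol", "Value": "HTTP"},
    {"Namespace": "aws:elb:listener:443", "OptionName": "ListenerProtocol", "Value": "HTTPS"},
    {"Namespace": "aws:elb:listener:443", "OptionName": "InstanceProtocol", "Value": "HTTPS"},
    {"Namespace": "aws:elb:listener:443", "OptionName": "SSLCertificateId",
     "Value": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"},
]
SAMPLE_FIXED = SAMPLE_OPEN + [{"Namespace": "aws:elb:listener:80", "OptionName": "ListenerEnabled", "Value": "false"}]

def fetch_option_settings(app, env, region):
    """Read one environment's live option settings (needs boto3 and credentials)."""
    import boto3  # lazy import so the audit logic below runs offline
    eb = boto3.client("elasticbeanstalk", region_name=region)
    resp = eb.describe_configuration_settings(ApplicationName=app, EnvironmentName=env)
    return resp["ConfigurationSettings"][0]["OptionSettings"]

def group_listeners(option_settings):
    """Group aws:elb:listener[:port] options by listener port."""
    listeners = {}
    for opt in option_settings:
        ns = opt.get("Namespace", "")
        if ns != PREFIX and not ns.startswith(PREFIX + ":"):
            continue
        port = ns[len(PREFIX) + 1:] or "80"  # bare namespace = default port-80 listener
        listeners.setdefault(port, {})[opt["OptionName"]] = opt.get("Value") or ""
    return listeners

def audit_listeners(option_settings):
    """Return (compliant, findings) for the checks in the remediation steps."""
    findings, https_ok = [], False
    for port, o in sorted(group_listeners(option_settings).items()):
        if o.get("ListenerEnabled", "").lower() == "false":  # unset = assumed enabled
            continue  # disabled listeners are out of scope
        proto = (o.get("ListenerProtocol") or "HTTP").upper()
        inst = (o.get("InstanceProtocol") or "HTTP").upper()
        if proto != "HTTPS":
            findings.append(f"port {port}: enabled listener uses {proto}")
        elif not o.get("SSLCertificateId"):
            findings.append(f"port {port}: HTTPS listener has no certificate")
        elif inst != "HTTPS":
            findings.append(f"port {port}: instance protocol is {inst}")
        else:
            https_ok = True
    if not https_ok and not findings:
        findings.append("no enabled HTTPS listener")
    return https_ok and not findings, findings
```

Pass the result of `fetch_option_settings(app, env, region)` to `audit_listeners` for each environment and region to cover the same scope as the console walkthrough.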
Usage
Run the control in your terminal:

    powerpipe control run aws_compliance.control.cis_compute_service_v100_6_4

Snapshot and share results via Turbot Pipes:

    powerpipe login
    powerpipe control run aws_compliance.control.cis_compute_service_v100_6_4 --share

SQL
This control uses a named query:

    select
      'arn:' || partition || ':::' || account_id as resource,
      'info' as status,
      'Manual verification required.' as reason,
      account_id
    from
      aws_account;