Benchmark: ELB
Description
This benchmark provides a set of controls that detect Terraform AWS ELB resources deviating from security best practices.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-terraform-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select ELB.
Run this benchmark in your terminal:
powerpipe benchmark run terraform_aws_compliance.benchmark.elbSnapshot and share results via Turbot Pipes:
powerpipe benchmark run terraform_aws_compliance.benchmark.elb --shareControls
- Classic Load Balancers should have connection draining enabled
- ELB application and classic load balancer logging should be enabled
- ELB application load balancer deletion protection should be enabled
- ELB application load balancers should be drop HTTP headers
- ELB application load balancers should have drop invalid header fields configured
- ELB application load balancers should have Web Application Firewall (WAF) enabled
- ELB application, network and gateway load balancer should have cross-zone load balancing enabled
- ELB application, network and gateway load balancers should have defensive or strictest desync mitigation mode configured
- ELB classic load balancers should have cross-zone load balancing enabled
- ELB classic load balancers should have defensive or strictest desync mitigation mode configured
- ELB classic load balancers should use SSL certificates
- ELB classic load balancers should only use SSL or HTTPS listeners
- ELB HTTP HTTPS target group should be configured with Healthcheck
- ELB load balancer listeners should use a secure protocol