Control: ELB classic load balancers should have defensive or strictest desync mitigation mode configured
Description
Ensure that your classic load balancers (ELBs) are configured with defensive or strictest desync mitigation mode.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.elb_classic_lb_use_desync_mitigation_mode
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_aws_compliance.control.elb_classic_lb_use_desync_mitigation_mode --share
SQL
This control uses a named query:
select
  address as resource,
  case
    when (attributes_std ->> 'desync_mitigation_mode') like any (array ['defensive', 'strictest']) then 'ok'
    else 'alarm'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std ->> 'desync_mitigation_mode') like any (array ['defensive', 'strictest']) then ' configured with ' || (attributes_std ->> 'desync_mitigation_mode') || ' mitigation mode'
    else ' not configured with defensive or strictest desync mitigation mode'
  end || '.' reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'aws_elb';
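How the query above scores three aws_elb resources, as an added example that is not part of the original control or the mod's own code. Resource names, zones and ports are constructed. An omitted attribute reads as null in the query and falls into the alarm branch, even though the AWS provider documents defensive as its default, so the mode has to be set explicitly to pass.

```hcl
# Constructed example; names, zones and ports are hypothetical.

# alarm: "monitor" classifies requests but still forwards all of them.
resource "aws_elb" "monitor_only" {
  name                   = "monitor-only"
  availability_zones     = ["us-east-1a", "us-east-1b"]
  desync_mitigation_mode = "monitor"

  listener {
    instance_port     = 8080
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
}

# alarm: attribute omitted, so attributes_std ->> 'desync_mitigation_mode'
# is null, the LIKE ANY test is not true, and the ELSE branch is taken.
resource "aws_elb" "implicit_default" {
  name               = "implicit-default"
  availability_zones = ["us-east-1a", "us-east-1b"]

  listener {
    instance_port     = 8080
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
}

# ok: reason reads "hardened configured with strictest mitigation mode."
resource "aws_elb" "hardened" {
  name                   = "hardened"
  availability_zones     = ["us-east-1a", "us-east-1b"]
  desync_mitigation_mode = "strictest"

  listener {
    instance_port     = 8080
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }
}
```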