AWS-ELB-ELB-HTTPS-Only

Severity: High

Description: This control ensures that a Classic Load Balancer listens only on encrypted protocols. Classic Load Balancers can listen on multiple protocols such as TCP, SSL, HTTP, and HTTPS. The use of unencrypted protocols is not recommended.

Remediation Steps:

Perform the following steps to delete a listener from the ELB:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, choose Load Balancers.

  4. Select the load balancer.

  5. Go to the Listeners tab and click Edit.

  6. Click Remove for all entries working on unencrypted protocols such as HTTP.

  7. Click Save.
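
The same check done programmatically, as an added example that is not part of the original control text: it walks listener data in the shape of the Classic ELB DescribeLoadBalancers response and lists the front-end ports that step 6 would remove. The function name, finding fields and sample load balancers are constructed for illustration.

```python
# Added example: offline check over constructed DescribeLoadBalancers-style data.
ENCRYPTED = {"HTTPS", "SSL"}  # encrypted front-end protocols named by this control

def audit_classic_elbs(descriptions):
    """Return one finding per load balancer that has an unencrypted listener.

    `descriptions` follows the LoadBalancerDescriptions list returned by the
    Classic ELB DescribeLoadBalancers API.
    """
    findings = []
    for lb in descriptions:
        listeners = [d["Listener"] for d in lb.get("ListenerDescriptions", [])]
        bad = [l for l in listeners
               if l["Protocol"].upper() not in ENCRYPTED]
        if not bad:
            continue
        findings.append({
            "name": lb["LoadBalancerName"],
            "remove_ports": sorted(l["LoadBalancerPort"] for l in bad),
            "protocols": sorted({l["Protocol"].upper() for l in bad}),
            # Removing every listener leaves the load balancer serving nothing;
            # flag it so an encrypted listener can be added first.
            "needs_encrypted_listener_first": len(bad) == len(listeners),
        })
    return findings

# Constructed sample data (not taken from a real account).
SAMPLE = [
    {"LoadBalancerName": "web-mixed", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 8080}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 8080}}]},
    {"LoadBalancerName": "legacy-tcp", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 25,
                      "InstanceProtocol": "TCP", "InstancePort": 25}}]},
    {"LoadBalancerName": "api-tls", "ListenerDescriptions": [
        {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 8443,
                      "InstanceProtocol": "SSL", "InstancePort": 8443}}]},
]

if __name__ == "__main__":
    for finding in audit_classic_elbs(SAMPLE):
        print(finding)
```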

Important:

  • Encrypted protocols such as HTTPS and SSL should be used, as they help maintain the confidentiality and integrity of the data.

Reference:

Blue Hexagon Proprietary