AWS-ELB-Public
Severity: Medium
Description: This control ensures that no Classic Load Balancer is configured with the internet-facing scheme. To maintain a secure load balancing architecture, it is essential that AWS load balancers are configured with the right scheme. An internet-facing load balancer has a publicly resolvable DNS name, so it can route requests from clients over the internet to the EC2 instances that are registered with the load balancer. An internal load balancer routes requests to targets using private IP addresses.
Remediation Steps:
Perform the following to update the ELB access policy:
Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.
Navigate to the EC2 console.
In the navigation pane, under LOAD BALANCING, select Load Balancers.
Click Create load balancer from the dashboard top menu, select Classic Load Balancer and click Continue.
Step 1: Define Load Balancer
Provide a unique name for your new AWS ALB.
Select the option Create an internal load balancer.
Configure the necessary security groups, security settings, health check and add relevant tags.
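To find the Classic Load Balancers that still fail this control, the check below evaluates the JSON returned by `aws elb describe-load-balancers --output json`. It is an added example, not Blue Hexagon's own detection logic; the sample response, the load balancer names and the function name `find_public_classic_elbs` are constructed for illustration.

```python
import json

# Constructed sample of `aws elb describe-load-balancers --output json` output.
# All names, DNS names and IDs are made up for this example.
SAMPLE_RESPONSE = json.loads("""
{
  "LoadBalancerDescriptions": [
    {"LoadBalancerName": "web-public", "Scheme": "internet-facing",
     "DNSName": "web-public-111111111.us-east-1.elb.amazonaws.com",
     "VPCId": "vpc-0example1", "Instances": [{"InstanceId": "i-0example1"}]},
    {"LoadBalancerName": "api-internal", "Scheme": "internal",
     "DNSName": "internal-api-internal-222222222.us-east-1.elb.amazonaws.com",
     "VPCId": "vpc-0example1", "Instances": [{"InstanceId": "i-0example2"}]},
    {"LoadBalancerName": "legacy-noscheme",
     "DNSName": "legacy-noscheme-333333333.us-east-1.elb.amazonaws.com",
     "Instances": []}
  ]
}
""")


def find_public_classic_elbs(response):
    """Return one finding per Classic Load Balancer that is not provably internal."""
    findings = []
    for lb in response.get("LoadBalancerDescriptions", []):
        scheme = lb.get("Scheme")
        if scheme == "internal":
            continue  # compliant: reachable only through private IP addresses
        # The API documents Scheme as valid only for load balancers in a VPC,
        # so a missing value is treated as public (fail closed), not skipped.
        findings.append({
            "name": lb["LoadBalancerName"],
            "scheme": scheme or "unknown (treated as public)",
            "dns_name": lb.get("DNSName", ""),
            "registered_instances": len(lb.get("Instances", [])),
        })
    return findings


if __name__ == "__main__":
    for f in find_public_classic_elbs(SAMPLE_RESPONSE):
        print("FAIL AWS-ELB-Public: {name} scheme={scheme} dns={dns_name} "
              "instances={registered_instances}".format(**f))
```

Because the scheme is chosen when the load balancer is created, each finding maps to a load balancer that has to be recreated with the internal option as described in the steps above.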
Important:
Reference :
Blue Hexagon Proprietary