AWS-ELBv2-ELB-SSL-Termination

Severity : High

Description: This control ensures that an ELBv2 Network Load Balancer is configured to terminate SSL/TLS connections at the load balancer. When a web application is accessed over HTTPS to maintain a secure communication channel, the SSL/TLS connection can end at the load balancer instead of at the application listeners. This frees the backend servers from the compute-intensive work of encrypting and decrypting all of the traffic, and also provides a host of other features and benefits, such as simplified management, source IP preservation, zero-day patching, and access logs.

Remediation Steps:

Perform the following steps to enable SSL/TLS termination at the load balancer:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as the root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, under LOAD BALANCING, choose Load Balancers.

  4. Select the reported Network Load Balancer.

  5. In the load balancer details, select Listener.

  6. Check the listener and select Edit.

  7. In Listener details, change the Protocol to TLS.

  8. In Secure listener settings, select the Security policy and SSL certificate. For the certificate, if using ACM, request a certificate; if importing, import an already available server certificate.

  9. Select the ALPN policy based on the web application.

  10. Select Save changes.
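An added offline check for this control (example code, not part of this control page or Blue Hexagon's tooling): it classifies Network Load Balancer listener records of the shape returned by the elbv2 DescribeListeners API, using constructed sample data with placeholder ARNs, so that TCP passthrough listeners and TLS listeners without a certificate are reported as findings while UDP listeners, which cannot carry TLS, are marked not applicable.

```python
# Constructed sample shaped like the Listeners list returned by the elbv2
# DescribeListeners API; ARNs and the policy names are placeholders/sample values.
SAMPLE_LISTENERS = [
    {"ListenerArn": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:listener/net/web-nlb/PLACEHOLDER/1",
     "Port": 443, "Protocol": "TCP", "Certificates": []},
    {"ListenerArn": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:listener/net/web-nlb/PLACEHOLDER/2",
     "Port": 8443, "Protocol": "TLS",
     "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}],
     "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06", "AlpnPolicy": ["HTTP2Preferred"]},
    {"ListenerArn": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:listener/net/web-nlb/PLACEHOLDER/3",
     "Port": 443, "Protocol": "TLS", "Certificates": []},
    {"ListenerArn": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:listener/net/web-nlb/PLACEHOLDER/4",
     "Port": 53, "Protocol": "UDP", "Certificates": []},
]


def evaluate_listener(listener: dict) -> tuple:
    """Classify one NLB listener for this control.

    Returns (status, reason) where status is PASS, FAIL or NOT_APPLICABLE.
    UDP-only listeners cannot carry TLS, so they are reported as not
    applicable rather than as failures.
    """
    protocol = listener.get("Protocol", "")
    if protocol == "UDP":
        return "NOT_APPLICABLE", "UDP listener cannot terminate TLS"
    if protocol != "TLS":
        # TCP or TCP_UDP: traffic is passed through, so every backend must
        # hold the private key and do the TLS work itself.
        return "FAIL", f"protocol {protocol} passes TLS through to backends"
    if not listener.get("Certificates"):
        return "FAIL", "TLS listener has no server certificate attached"
    return "PASS", "TLS terminated at the load balancer"


def findings(listeners: list) -> list:
    """Return [(arn, port, status, reason)] for every listener that does not PASS."""
    out = []
    for listener in listeners:
        status, reason = evaluate_listener(listener)
        if status != "PASS":
            out.append((listener["ListenerArn"], listener["Port"], status, reason))
    return out


if __name__ == "__main__":
    for arn, port, status, reason in findings(SAMPLE_LISTENERS):
        print(f"{status:14} port {port:<5} {reason}  ({arn})")
```

To run it against a live account, replace SAMPLE_LISTENERS with the Listeners list from the DescribeListeners call for each Network Load Balancer.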

Important:

Reference:

Blue Hexagon Proprietary