AWS-ELBv2-Public

Severity: High

Description: This control ensures that no Application Load Balancer is configured with the internet-facing scheme. To maintain a secure load balancing architecture, it is essential that AWS load balancers are configured with the right scheme. An internet-facing load balancer has a publicly resolvable DNS name, so it can route requests from clients over the internet to the EC2 instances that are registered with the load balancer. An internal load balancer routes requests to targets using private IP addresses.
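
One way to evaluate this control over ELBv2 DescribeLoadBalancers output, as an added example that is not part of the original page or the vendor's own check. The sample pages, the function names evaluate and live_pages, and the lb_types parameter are assumptions made for illustration; the Scheme and Type fields are those returned by the ELBv2 API.

```python
import json

CONTROL_ID, SEVERITY = "AWS-ELBv2-Public", "High"  # both taken from this page
ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"

# Constructed sample: two pages shaped like ELBv2 DescribeLoadBalancers output.
SAMPLE_PAGES = [
    {"NextMarker": "constructed-marker", "LoadBalancers": [
        {"LoadBalancerName": "web-public", "Type": "application",
         "Scheme": "internet-facing", "LoadBalancerArn": ARN + "app/web-public/a1",
         "DNSName": "web-public-1.us-east-1.elb.amazonaws.com"},
        {"LoadBalancerName": "api-internal", "Type": "application",
         "Scheme": "internal", "LoadBalancerArn": ARN + "app/api-internal/b2",
         "DNSName": "internal-api-2.us-east-1.elb.amazonaws.com"}]},
    {"LoadBalancers": [
        {"LoadBalancerName": "tcp-edge", "Type": "network",
         "Scheme": "internet-facing", "LoadBalancerArn": ARN + "net/tcp-edge/c3",
         "DNSName": "tcp-edge-3.elb.us-east-1.amazonaws.com"},
        # Constructed without a Scheme key to exercise the missing-field path.
        {"LoadBalancerName": "inspect-gw", "Type": "gateway",
         "LoadBalancerArn": ARN + "gwy/inspect-gw/d4"}]},
]


def evaluate(pages, lb_types=("application",)):
    """Return one finding per internet-facing load balancer of the given types."""
    findings = []
    for page in pages:  # read every page; the first page alone can hide findings
        for lb in page.get("LoadBalancers", []):
            if lb.get("Type") in lb_types and lb.get("Scheme") == "internet-facing":
                findings.append({"control": CONTROL_ID, "severity": SEVERITY,
                                 "name": lb["LoadBalancerName"],
                                 "arn": lb["LoadBalancerArn"],
                                 "dns_name": lb.get("DNSName")})
    return findings


def live_pages(region):
    """Return an iterator of real response pages; needs boto3 and read-only credentials."""
    import boto3  # imported lazily so the sample run works offline
    client = boto3.client("elbv2", region_name=region)
    return client.get_paginator("describe_load_balancers").paginate()


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_PAGES), indent=2))
```

The default scope is Application Load Balancers, as the description states; passing lb_types=("application", "network") widens the same check to Network Load Balancers.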

Remediation Steps:

Perform the following to update permission for EBS:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, under LOAD BALANCING, select Load Balancers.

  4. Click Create load balancer from the dashboard top menu, select Application Load Balancer and click Continue.

  5. Step 1: Configure Load Balancer

    1. Provide a unique name for your new AWS ALB.

    2. Set the load balancer Scheme to internal.

    3. Configure the necessary listeners and availability zones. Once all these are configured, use the Add tag button, available in the Tags section, to attach tags to your new ALB.

    4. Click Next.

  6. Step 2: Configure Security Settings

    1. Create the necessary HTTPS listener for your new ELB.

    2. If the Application Load Balancer is not using an HTTPS listener, skip this page.

    3. Click Next.

  7. Step 3: Configure Security Groups

    1. Select Create a new security group, then provide a name and a short description for the new security group.

    2. Add a rule that allows traffic to the port that the ALB is configured to use.

    3. Click Next.

  8. Step 4: Configure Routing

    1. Choose an existing Target Group or set a new one based on your requirements.

    2. In the Health checks section, click Advanced health check settings and configure the new load balancer health checks.

    3. Click Next.

  9. Step 5: Register Targets

    1. Use the Add to registered button to attach the necessary backend instances to the internal ALB.

    2. Click Next.

  10. Step 6: Review

    1. Examine all the required configuration details, then click Create to build your new internal Application Load Balancer.

Important:

Reference:

Blue Hexagon Proprietary