ELBv1 listener protocol should not be set to HTTP
Description
Communication from an ELB to EC2 instances should be encrypted to help prevent unauthorized access to data. To protect data in transit, ELB listener protocol should not be set to HTTP.
Remediation Steps
AWS CLI
List all of your load balancers to determine all of their names:
aws elb describe-load-balancers
Get a list of all SSL certificate ARNs available via AWS ACM:
aws acm list-certificates --region <region>
Also get a list of all SSL certificate ARNs available via AWS IAM:
aws iam list-server-certificates
Create a new HTTPS listener for any load balancer that needs it, using one of the SSL certificate ARNs previously listed:
aws elb create-load-balancer-listeners --region <region> --load-balancer-name <load_balancer_name> --listeners Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80,SSLCertificateId=<ssl_certificate_arn>
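As an added example (not part of the original page or the AWS CLI), the following Python script applies the steps above offline to a constructed sample of describe-load-balancers JSON output: it flags every listener whose front-end protocol is HTTP and builds the create-load-balancer-listeners command for each balancer that does not already serve HTTPS. The load balancer names, region and certificate ARN are placeholders.

```python
import json

# Constructed sample in the shape of `aws elb describe-load-balancers` JSON
# output, trimmed to the listener fields; names, account id and ARN are fake.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"LoadBalancerDescriptions": [
    {"LoadBalancerName": "web-prod", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}}]},
    {"LoadBalancerName": "shop-prod", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 8080}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 8080,
                      "SSLCertificateId": "arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE"}}]},
    {"LoadBalancerName": "api-internal", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 8080,
                      "InstanceProtocol": "TCP", "InstancePort": 8080}}]}]})


def find_http_listeners(describe_output):
    """Return (lb_name, lb_port, instance_port) for every listener whose
    front-end Protocol is HTTP. Case-insensitive, since the API accepts 'http'."""
    findings = []
    for lb in json.loads(describe_output).get("LoadBalancerDescriptions", []):
        for desc in lb.get("ListenerDescriptions", []):
            lst = desc["Listener"]
            if lst.get("Protocol", "").upper() == "HTTP":
                findings.append((lb["LoadBalancerName"], lst["LoadBalancerPort"], lst["InstancePort"]))
    return findings


def remediation_command(lb_name, instance_port, cert_arn, region):
    """The create-load-balancer-listeners command from the remediation steps.
    The shorthand after --listeners must contain no spaces or the shell splits it."""
    return (f"aws elb create-load-balancer-listeners --region {region} "
            f"--load-balancer-name {lb_name} --listeners "
            f"Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,"
            f"InstancePort={instance_port},SSLCertificateId={cert_arn}")


def plan_remediation(describe_output, cert_arn, region):
    """Map each load balancer that has an HTTP listener but no HTTPS listener
    to the command that adds one. Balancers already serving HTTPS are skipped,
    since this step is only for balancers that still need an HTTPS listener."""
    lbs = json.loads(describe_output).get("LoadBalancerDescriptions", [])
    has_https = {lb["LoadBalancerName"] for lb in lbs
                 if any(d["Listener"].get("Protocol", "").upper() == "HTTPS"
                        for d in lb.get("ListenerDescriptions", []))}
    plan = {}
    for name, _lb_port, instance_port in find_http_listeners(describe_output):
        if name not in has_https and name not in plan:
            plan[name] = remediation_command(name, instance_port, cert_arn, region)
    return plan
```

Pipe the real output of `aws elb describe-load-balancers --output json` into `plan_remediation` to get the commands to review before running them; the HTTP listeners on port 80 remain in place until you remove them separately.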