ELB Should Have Logging Enabled

More Info:

Load balancers should have request logging enabled. Logging requests to ELB endpoints is a helpful way of detecting and investigating potential attacks.

Risk Level

Informational

Address

Security, Operational Maturity

Compliance Standards

HIPAA, GDPR, SOC2, NIST, ISO27001, HITRUST, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of ELB not having logging enabled in AWS using AWS CLI, follow the below steps:Step 1: Open the AWS CLI and run the following command to enable access logs for the ELB:

aws elb modify-load-balancer-attributes --load-balancer-name <ELB Name> --load-balancer-attributes "{\"AccessLog\":{\"Enabled\":true,\"S3BucketName\":\"<S3 Bucket Name>\",\"S3BucketPrefix\":\"<S3 Bucket Prefix>\"}}"

Note: Replace <ELB Name>, <S3 Bucket Name> and <S3 Bucket Prefix> with the appropriate values.Step 2: Verify if the access logs are enabled for the ELB by running the following command:

aws elb describe-load-balancers --load-balancer-name <ELB Name> --query "LoadBalancerDescriptions[].{AccessLog:AccessLog.Enabled}"

This command will return the value of “AccessLog” parameter as “true” if the access logs are enabled for the ELB.Step 3: Check if the logs are being written to the S3 bucket by running the following command:

aws s3 ls s3://<S3 Bucket Name>/<S3 Bucket Prefix>/

This command will list all the log files that are being written to the specified S3 bucket. If the logs are being written, then the access logs are successfully enabled for the ELB.By following these steps, you can remediate the misconfiguration of ELB not having logging enabled in AWS using AWS CLI.

Using Python

To remediate the ELB logging misconfiguration in AWS using Python, you can follow these steps:

First, you need to import the Boto3 library in your Python script. Boto3 is the AWS SDK for Python, which allows you to interact with AWS services using Python code.

import boto3

Next, you need to create a Boto3 client for the Elastic Load Balancing (ELB) service.

elb_client = boto3.client('elbv2')

Then, you can use the describe_load_balancers method to get a list of all the ELBs in your AWS account.

response = elb_client.describe_load_balancers()
load_balancers = response['LoadBalancers']

Once you have the list of ELBs, you can loop through each ELB and check if logging is enabled or not. You can use the describe_load_balancer_attributes method to get the attributes of each ELB.

for lb in load_balancers:
    lb_arn = lb['LoadBalancerArn']
    response = elb_client.describe_load_balancer_attributes(LoadBalancerArn=lb_arn)
    attributes = response['Attributes']
    for attr in attributes:
        if attr['Key'] == 'access_logs.s3.enabled':
            if attr['Value'] == 'false':
                # Enable logging for the ELB
                elb_client.modify_load_balancer_attributes(
                    LoadBalancerArn=lb_arn,
                    Attributes=[
                        {
                            'Key': 'access_logs.s3.enabled',
                            'Value': 'true'
                        }
                    ]
                )

Finally, you can modify the ELB attributes using the modify_load_balancer_attributes method to enable logging for the ELB.

The above Python code will check if logging is enabled for each ELB in your AWS account. If logging is not enabled, it will enable logging for that ELB.

Additional Reading:

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

ELB Should Have Logging Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: