ELB Should Accept HTTPS Connections Only
ELB should be configured to block HTTP connection and allow only HTTPS connections.
ELB should be configured to block HTTP connection and allow only HTTPS connections.
Load balancers should have request logging enabled. Logging requests to ELB endpoints is a helpful way of detecting and investigating potential attacks.
WAF should be enabled so that this firewall will prevent malicious attackers to intrude into your system.
Insecure ciphers on ELBs should be checked. Various security vulnerabilities have rendered several ciphers insecure. Only the recommended ciphers should be used.
Deletion Protection flag should be enabled in order to prevent accidental deletions.
ELBv2 load balancers should use only the secure listeners. A listener is a process that checks for connection requests, using the protocol and port that you configure.
For higher availability and reliability, ELBs should work with cross zone nodes.
Invalid HTTP Headers in ELB should be dropped.
Minimum number of instances should be configured for your Load Balancer to improve the reliability.
Classic ELB is not recommended to be used. AWS has deprecated it and wants them to move to the alternatives.
Your app-tier Elastic Load Balancer (ELB) listeners should be using the HTTPS/SSL protocol to encrypt the communication between your application clients and the load balancer.
Your app-tier Elastic Load Balancers (ELBs) listeners should be using the latest AWS security policy for their SSL negotiation configuration
Improve the reliability of the applications behind your app-tier ELBs by using the appropriate health check configuration.
Elastic Load Balancer should not send any new requests to the unhealthy instance if an EC2 backend instance fails health checks
EC2 instances registered to your Amazon Elastic Load Balancing (ELB) should be evenly distributed across all Availability Zones (AZs) in order to improve the ELBs configuration reliability
Check Elastic Load Balancer (ELB) security layer for at least one valid security group that restrict access only to the ports defined in the load balancer listeners configuration
Elastic Load Balancers should be using the latest AWS predefined security policies.
Amazon ELBs should not be idle. Idle ELBs should be terminated to help lower the cost of your monthly AWS bill.
All Amazon internet-facing load balancers (Classic Load Balancers and Application Load Balancers) provisioned within your AWS account should be regularly reviewed for security purposes.
You should not have unused Elastic Load Balancers in your AWS account. Unused ELBs should be deleted to help lower the cost of your monthly AWS bill.
Your web-tier Elastic Load Balancer (ELB) listeners should be using the HTTPS/SSL protocol to encrypt the communication between your application clients and the load balancer.
Your web-tier Elastic Load Balancers (ELBs) listeners should be using the latest AWS security policy for their SSL negotiation configuration
Improve the reliability of the applications behind your web-tier ELBs by using the appropriate health check configuration.
Your Elastic Load Balancers (ELBs) listeners should not have insecure configurations. Only HTTPS or SSL should be used to encrypt the communication between the client and your load balancers.
Your Application Load Balancers (ALBs) listeners should not have insecure configurations.
Your Amazon ALBs should be using the latest predefined security policy for their SSL negotiation configuration in order to follow security best practices and protect their front-end connections against SSL/TLS vulnerabilities.
Your Amazon Network Load Balancers (NLBs) should be configured to terminate TLS traffic in order to optimize the performance of the backend servers.
Your Amazon Network Load Balancers (NLBs) should be using the latest recommended predefined security policy for TLS negotiation configuration in order to protect their front-end connections against TLS vulnerabilities and meet security requirements
If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.