Ensure that your AWS Elastic Load Balancers use access logging to analyze traffic patterns and identify and troubleshoot security issues.
This rule can help you with the following compliance standards:
- PCI
- HIPAA
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Enabling this feature allows your ELB to record and save information about each TCP and HTTP request made to your backend instances. Access logging data can be extremely useful for security audits and troubleshooting sessions. For example, your ELB logging data can be used to analyze traffic patterns in order to detect different types of attacks and to help implement custom protection plans.
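As an added illustration of that kind of traffic analysis (not part of the original page or of Conformity), the Python below parses entries in the Classic Load Balancer access log layout and flags clients whose requests are almost all answered with 4xx codes. The sample lines, thresholds and function names are constructed for this example.

```python
import shlex
from collections import Counter

# Constructed sample entries in the Classic Load Balancer access log layout:
# time elb client:port backend:port 3x timings elb_status backend_status
# received sent "request" "user_agent" ssl_cipher ssl_protocol
SAMPLE_LOG = """\
2024-05-01T10:00:01.000000Z my-elb 198.51.100.7:40112 10.0.1.15:80 0.000045 0.002310 0.000021 200 200 0 512 "GET http://example.com:80/ HTTP/1.1" "Mozilla/5.0" - -
2024-05-01T10:00:02.000000Z my-elb 203.0.113.9:51822 10.0.1.15:80 0.000040 0.001100 0.000019 404 404 0 128 "GET http://example.com:80/missing-1 HTTP/1.1" "curl/8.0" - -
2024-05-01T10:00:02.400000Z my-elb 203.0.113.9:51823 10.0.1.15:80 0.000041 0.001050 0.000020 404 404 0 128 "GET http://example.com:80/missing-2 HTTP/1.1" "curl/8.0" - -
2024-05-01T10:00:02.800000Z my-elb 203.0.113.9:51824 10.0.1.15:80 0.000039 0.001200 0.000018 403 403 0 96 "GET http://example.com:80/private HTTP/1.1" "curl/8.0" - -
2024-05-01T10:00:03.100000Z my-elb 203.0.113.9:51825 10.0.1.15:80 0.000042 0.001150 0.000022 404 404 0 128 "GET http://example.com:80/missing-3 HTTP/1.1" "curl/8.0" - -
2024-05-01T10:00:04.000000Z my-elb 198.51.100.7:40113 10.0.1.15:80 0.000044 0.002000 0.000020 200 200 0 2048 "GET http://example.com:80/about HTTP/1.1" "Mozilla/5.0" - -
2024-05-01T10:00:05.000000Z my-elb 192.0.2.44:51000 10.0.1.16:443 0.001065 0.000015 0.000023 - - 1230 2340 "- - - " "-" - -
2024-05-01T10:00:06.000000Z my-elb truncated-entry
"""

def parse_line(line):
    """Return {'time', 'client', 'status'} for one entry, or None if malformed."""
    try:
        fields = shlex.split(line)      # keeps the quoted request and user agent whole
    except ValueError:                  # unbalanced quotes in a damaged line
        return None
    if len(fields) < 12:
        return None
    client_ip = fields[2].rsplit(":", 1)[0]
    # TCP listeners log "-" instead of an HTTP status code.
    status = int(fields[7]) if fields[7].isdigit() else None
    return {"time": fields[0], "client": client_ip, "status": status}

def suspicious_clients(log_text, min_errors=3, min_ratio=0.8):
    """Flag clients with at least min_errors 4xx responses making up min_ratio of their requests."""
    total, errors, skipped = Counter(), Counter(), 0
    for line in filter(str.strip, log_text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            skipped += 1                # count unparseable lines instead of hiding them
            continue
        if entry["status"] is None:     # TCP entry: no HTTP status to evaluate
            continue
        total[entry["client"]] += 1
        if 400 <= entry["status"] < 500:
            errors[entry["client"]] += 1
    flagged = {ip: (errors[ip], total[ip]) for ip in total
               if errors[ip] >= min_errors and errors[ip] / total[ip] >= min_ratio}
    return flagged, skipped

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

The thresholds are starting points to tune against your own baseline traffic; a non-zero skipped count is itself worth reviewing, since it means some log lines were not evaluated.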
Audit
To determine if the access logging is enabled for your load balancers, perform the following:
Remediation / Resolution
To enable access logging for your ELBs, you need to perform the following:
You are auditing:
ELB Access Log
Risk level: Medium