Check your Elastic Load Balancer (ELB) security layer for at least one valid security group that restricts access only to the ports defined in the load balancer's listener configuration. ICMP rules are excluded from this check.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
If your Elastic Load Balancer (ELB) has no security group, or has a security group that grants access to ports not defined in its listener configuration, the risk of unauthorized access and data loss increases.
If your ELB is created without specifying a security group, it is automatically associated with the VPC default security group, which this rule treats as invalid.
If a security group associated with an existing ELB is deleted, the load balancer will stop working as expected.
Case A: to determine whether your Elastic Load Balancer uses an invalid security group, perform the following:
Case B: to determine whether your Elastic Load Balancer uses an insecure security group, perform the following:
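The logic behind both cases, written out as an added example (not Conformity's own code or the page's audit steps): the dictionaries mirror the shapes of the AWS describe_load_balancers and describe_security_groups responses, and SAMPLE_ELB / SAMPLE_GROUPS are constructed sample data, not real resources.

```python
# Added example, not Conformity's own code. Inputs mirror the AWS API shapes
# (describe_load_balancers / describe_security_groups); sample data is constructed.
def listener_ports(elb):
    """Front-end ports the load balancer listens on (classic ELB listeners are TCP)."""
    return {ld["Listener"]["LoadBalancerPort"] for ld in elb["ListenerDescriptions"]}

def evaluate_elb_security(elb, security_groups):
    """Return findings; empty list means the rule passes. Case A = invalid group
    (none, or the VPC default); Case B = rule reaching a non-listener port. ICMP ignored."""
    attached = [sg for sg in security_groups if sg["GroupId"] in elb.get("SecurityGroups", [])]
    if not attached:
        return [f"{elb['LoadBalancerName']}: no security group attached (invalid)"]
    allowed = listener_ports(elb)
    findings = []
    for sg in attached:
        gid = sg["GroupId"]
        if sg.get("GroupName") == "default":
            findings.append(f"{gid}: VPC default security group (invalid)")
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto in ("icmp", "icmpv6"):
                continue                      # explicitly excluded by the rule
            if proto == "-1":
                findings.append(f"{gid}: allows all protocols and ports (insecure)")
                continue
            lo, hi = perm["FromPort"], perm["ToPort"]
            if proto != "tcp":                # listeners are TCP, so UDP rules never match
                findings.append(f"{gid}: {proto} {lo}-{hi} is not a listener protocol (insecure)")
                continue
            extra = next((p for p in range(lo, hi + 1) if p not in allowed), None)
            if extra is not None:
                findings.append(f"{gid}: tcp {lo}-{hi} opens non-listener port {extra} (insecure)")
    return findings

# Constructed sample: listeners on 80/443; the group also opens 22 and allows ICMP.
SAMPLE_ELB = {
    "LoadBalancerName": "web-elb", "SecurityGroups": ["sg-0123456789abcdef0"],
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80, "InstancePort": 8080}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443, "InstancePort": 8080}},
    ],
}
SAMPLE_GROUPS = [{
    "GroupId": "sg-0123456789abcdef0", "GroupName": "web-elb-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1},
    ],
}]
```

On the sample data the only finding is the SSH rule on port 22; the ICMP rule is skipped, and the same function reports Case A when the ELB has no group or only the VPC default group attached.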
Remediation / Resolution
To update an insecure or invalid security group assigned to your load balancer, perform the following:
Rule: ELB Security Group. Risk level: High.