Best practice rules for Elastic Load Balancing V2
Trend Micro Cloud One™ – Conformity monitors Elastic Load Balancing V2 with the following rules:
- Configure Multiple Availability Zones for Gateway Load Balancers
Ensure that Amazon Gateway Load Balancers are using Multi-AZ configurations.
- Drop Invalid Header Fields for Application Load Balancers
Ensure that the Drop Invalid Header Fields feature is enabled for your Application Load Balancers to remove non-standard headers.
- ELBv2 ALB Listener Security
Ensure that your Application Load Balancer (ALB) listeners are using a secure protocol such as HTTPS.
- ELBv2 ALB Security Group
Ensure that your Amazon ELBv2 load balancers have secure and valid security groups.
- ELBv2 ALB Security Policy
Ensure AWS Application Load Balancers (ALBs) are using the latest predefined security policy.
- ELBv2 Access Log
Ensure access logging is enabled for your AWS ALBs to follow security best practices.
- ELBv2 Elastic Load Balancing Deletion Protection
Ensure the Deletion Protection feature is enabled for your AWS load balancers to follow security best practices.
- ELBv2 Minimum Number of EC2 Target Instances
Ensure there is a minimum of two healthy target instances associated with each AWS ELBv2 load balancer.
- ELBv2 NLB Listener Security
Ensure that your AWS Network Load Balancer listeners are using a secure protocol such as TLS.
- Enable HTTP to HTTPS Redirect for Application Load Balancers
Ensure that your Application Load Balancers have a rule that redirects HTTP traffic to HTTPS.
- Internet Facing ELBv2 Load Balancers
Ensure internet-facing ELBv2 load balancers are regularly reviewed for security reasons (informational).
- Network Load Balancer Security Policy
Ensure that AWS Network Load Balancers are using the latest predefined security policy.
- Unused ELBv2 Load Balancers
Identify unused Elastic Load Balancers (ELBv2) and delete them in order to reduce AWS costs.