Check your Amazon Application Load Balancer listeners for secure configurations. Cloud Conformity strongly recommends using the HTTPS (Secure HTTP) protocol to encrypt the communication between the application clients and the ELBv2 load balancer.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When an AWS ALB has no HTTPS listeners, the front-end connection between the clients and the load balancer is vulnerable to eavesdropping and Man-In-The-Middle (MITM) attacks. The risk becomes even higher when working with sensitive data such as health and personal records, credentials and credit card numbers.
Audit
To determine if your ELBv2 load balancers are using secure listeners, perform the following actions:
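One way to evaluate listener data for this rule, as an added example that is not Conformity's own audit procedure. It assumes the input has the shape returned by `aws elbv2 describe-load-balancers` and `aws elbv2 describe-listeners --load-balancer-arn <arn>`; the load balancer names, ARNs and finding labels are constructed placeholders. It goes one step beyond the rule by also flagging ALBs that have an HTTPS listener but still serve plain HTTP without redirecting.

```python
# Constructed sample data; ARNs and names are placeholders, not real resources.
LOAD_BALANCERS = [
    {"LoadBalancerArn": "arn:lb/web", "LoadBalancerName": "web", "Type": "application"},
    {"LoadBalancerArn": "arn:lb/api", "LoadBalancerName": "api", "Type": "application"},
    {"LoadBalancerArn": "arn:lb/admin", "LoadBalancerName": "admin", "Type": "application"},
    {"LoadBalancerArn": "arn:lb/tcp", "LoadBalancerName": "tcp", "Type": "network"},
]
FORWARD = [{"Type": "forward", "TargetGroupArn": "arn:tg/example"}]
REDIRECT = [{"Type": "redirect",
             "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]
LISTENERS = {  # listeners keyed by load balancer ARN (one describe-listeners call each)
    "arn:lb/web": [{"Protocol": "HTTP", "Port": 80, "DefaultActions": FORWARD}],
    "arn:lb/api": [{"Protocol": "HTTPS", "Port": 443, "DefaultActions": FORWARD},
                   {"Protocol": "HTTP", "Port": 80, "DefaultActions": REDIRECT}],
    "arn:lb/admin": [{"Protocol": "HTTPS", "Port": 443, "DefaultActions": FORWARD},
                     {"Protocol": "HTTP", "Port": 8080, "DefaultActions": FORWARD}],
    "arn:lb/tcp": [{"Protocol": "TCP", "Port": 22, "DefaultActions": FORWARD}],
}

def redirects_to_https(listener):
    """True if a default action redirects to HTTPS (listener rules are not inspected)."""
    return any(a.get("Type") == "redirect"
               and a.get("RedirectConfig", {}).get("Protocol") == "HTTPS"
               for a in listener.get("DefaultActions", []))

def audit_alb_listeners(load_balancers, listeners_by_arn):
    """Map each Application Load Balancer name to a finding label (hypothetical labels)."""
    findings = {}
    for lb in load_balancers:
        if lb.get("Type") != "application":
            continue  # this rule covers ALBs only
        listeners = listeners_by_arn.get(lb["LoadBalancerArn"], [])
        has_https = any(l.get("Protocol") == "HTTPS" for l in listeners)
        plain_http = [l for l in listeners
                      if l.get("Protocol") == "HTTP" and not redirects_to_https(l)]
        if not has_https:
            findings[lb["LoadBalancerName"]] = "NO_HTTPS_LISTENER"  # the rule's condition
        elif plain_http:
            findings[lb["LoadBalancerName"]] = "PLAINTEXT_HTTP_STILL_SERVED"
        else:
            findings[lb["LoadBalancerName"]] = "OK"
    return findings

if __name__ == "__main__":
    for name, finding in audit_alb_listeners(LOAD_BALANCERS, LISTENERS).items():
        print(f"{name}: {finding}")
```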
Remediation / Resolution
To secure (encrypt) the connection between your application clients and your load balancers, update your AWS ALB listener configuration to support the HTTPS protocol (an X.509 SSL certificate is required). To add an HTTPS listener to your Application Load Balancers, perform the following:

You are auditing:
ELBv2 ALB Listener Security
Risk level: High