Ensure that HTTPS is enabled for the load balancer associated with your Amazon Elastic Beanstalk application environment so that it can handle encrypted web traffic. By default, the load balancer accepts only unencrypted (HTTP) requests on port 80. To accept HTTPS traffic on port 443, you must create and configure an HTTPS listener for the associated load balancer.
When the load balancer associated with your Amazon Elastic Beanstalk application environment is not configured to receive HTTPS requests, the connection between clients and the load balancer is vulnerable to eavesdropping and Man-in-the-Middle (MITM) attacks. The risk is even higher when the web application running behind the load balancer handles sensitive data such as health and personal records, credentials and credit card numbers. Enabling HTTPS on your application environment's load balancer ensures that web traffic between the client and the load balancer is encrypted with SSL/TLS, protecting the transmitted data.
Audit
To determine if your Amazon Elastic Beanstalk environment load balancers are using HTTPS, perform the following operations:
Remediation / Resolution
To enforce HTTPS for the load balancers associated with your Amazon Elastic Beanstalk application environments, perform the following operations:
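As an added check covering both the audit and the remediation above (example code, not the page's or AWS's own), the following Python evaluates the OptionSettings array returned by describe-configuration-settings for an enabled HTTPS listener on either a Classic or an Application Load Balancer, and builds the option settings that update-environment needs to add an HTTPS:443 listener. It goes beyond port 443 and accepts an HTTPS listener on any port; the sample settings and the certificate ARN are constructed placeholders.

```python
import re

# Classic ELB listeners live in aws:elb:listener:<port> (ListenerProtocol);
# Application Load Balancer listeners in aws:elbv2:listener:<port> (Protocol).
_LISTENER_NS = re.compile(r"^aws:(elb|elbv2):listener:(\d+)$")

def https_listener_ports(option_settings):
    """Ports with an enabled HTTPS listener, from describe-configuration-settings OptionSettings."""
    by_ns = {}
    for s in option_settings:
        by_ns.setdefault(s["Namespace"], {})[s["OptionName"]] = s.get("Value")
    ports = set()
    for ns, opts in by_ns.items():
        m = _LISTENER_NS.match(ns)
        if not m:
            continue
        proto = opts.get("ListenerProtocol" if m.group(1) == "elb" else "Protocol") or ""
        enabled = str(opts.get("ListenerEnabled", "true")).lower() != "false"
        if enabled and proto.upper() == "HTTPS":
            ports.add(int(m.group(2)))
    # Legacy classic-ELB shortcut: LoadBalancerHTTPSPort in aws:elb:loadbalancer.
    legacy = by_ns.get("aws:elb:loadbalancer", {}).get("LoadBalancerHTTPSPort") or "OFF"
    if legacy.upper() != "OFF":
        ports.add(int(legacy))
    return sorted(ports)  # an empty list means the rule is violated

def remediation_option_settings(lb_type, certificate_arn):
    """--option-settings entries for update-environment that add an HTTPS:443 listener."""
    if lb_type == "application":
        ns, pairs = "aws:elbv2:listener:443", [("ListenerEnabled", "true"),
            ("Protocol", "HTTPS"), ("SSLCertificateArns", certificate_arn)]
    elif lb_type == "classic":
        ns, pairs = "aws:elb:listener:443", [("ListenerEnabled", "true"),
            ("ListenerProtocol", "HTTPS"), ("InstancePort", "80"),
            ("SSLCertificateId", certificate_arn)]
    else:
        raise ValueError(f"unsupported load balancer type: {lb_type}")
    return [{"Namespace": ns, "OptionName": k, "Value": v} for k, v in pairs]

# Constructed sample: an ALB environment with only the default HTTP:80 listener.
SAMPLE_HTTP_ONLY = [
    {"Namespace": "aws:elasticbeanstalk:environment", "OptionName": "LoadBalancerType", "Value": "application"},
    {"Namespace": "aws:elbv2:listener:default", "OptionName": "Protocol", "Value": "HTTP"},
]
CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/PLACEHOLDER"  # placeholder, not a real certificate
```

Feed it the OptionSettings array from `aws elasticbeanstalk describe-configuration-settings` for each environment listed by `describe-environments`. The listener only encrypts the client-to-load-balancer hop; traffic from the load balancer to the instances stays plain HTTP unless end-to-end encryption is configured separately.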