Medium

Ensure Application Load Balancer (ALB) has access logging enabled

Security & Compliance
No items found.
Description

The Ensure Application Load Balancer (ALB) has access logging enabled rule ensures that access logging is enabled for Application Load Balancers in AWS. Access logs contain information about client requests made to an ALB, and they can be useful for troubleshooting, analyzing traffic patterns, and auditing. When access logging is not enabled, it becomes difficult to trace the requests to the backend instance or identify issues with the load balancer.‍

Remediation

To remediate the "Ensure Application Load Balancer (ALB) has access logging enabled" finding, you can follow the below steps:

  1. Open the Amazon EC2 Console.
  2. In the navigation pane, under LOAD BALANCING, choose Load Balancers.
  3. Select the checkbox next to the ALB name you want to modify.
  4. Choose Edit attributes.
  5. Scroll down to the Access logs section.
  6. Select the Enable access logs check box.
  7. Enter a name for your S3 bucket, and optionally, a prefix for the log object keys.
  8. Choose the IAM role used to grant permissions to write to the specified S3 bucket.
  9. Click on the Save button to save your changes.

After completing these steps, your ALB will have access logging enabled, and logs will be written to the specified S3 bucket. It is recommended to periodically review the access logs to ensure that the ALB is functioning as expected and there are no unauthorized access attempts or suspicious activities.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.