Medium

Ensure internet exposed ALBs have WAF attached

Security & Compliance
No items found.
Description

The Internet-exposed Application Load Balancers (ALBs) can be a target for various types of attacks, including DDoS attacks, SQL injection attacks, and cross-site scripting (XSS) attacks. To protect the ALBs from these attacks, it's recommended to attach a Web Application Firewall (WAF) to the ALBs. WAF can inspect the incoming traffic to the ALB and filter out the malicious traffic. Therefore, the recommended practice is to ensure that all internet-exposed ALBs have WAF attached to them.

Remediation

To ensure that internet exposed Application Load Balancers (ALBs) have Web Application Firewall (WAF) attached, you can follow these remediation steps:

  1. Log in to the AWS Management Console and navigate to the AWS WAF and Shield console.
  2. Click on the "Web ACLs" option from the left-hand menu.
  3. Click on the "Create web ACL" button.
  4. In the "Create web ACL" wizard, enter a name and description for the web ACL, and select the region where the ALB is located.
  5. In the "Rules" section of the wizard, select the rules that you want to include in the web ACL. These rules should provide the required level of protection for your ALB.
  6. In the "Scope" section of the wizard, select the resources that you want to apply the web ACL to. You should select the ALB that you want to protect.
  7. Click the "Create web ACL" button to create the web ACL.
  8. Once the web ACL is created, go to the "AWS Management Console" and select the ALB that you want to protect.
  9. Click on the "Listeners" tab and click on the "Edit" button next to the listener you want to configure.
  10. In the "Configure Listener" dialog box, select the "AWS WAF web ACL" option and choose the web ACL that you created in step 4.
  11. Click the "Update" button to save your changes.

By following these steps, you will ensure that your internet-exposed ALBs have WAF attached, which will help protect your applications from common web-based attacks.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.