CloudWiki
Rules
Medium

Resource is Internet facing via ELB

Security & Compliance
Description

When a resource is internet facing via an ELB (Elastic Load Balancer), it means that the resource is accessible from the internet through the ELB. An ELB is a highly scalable load balancing service that distributes incoming traffic across multiple targets, such as EC2 instances, containers, or IP addresses, in one or more Availability Zones. ELBs can be configured with multiple security features to ensure the security of internet-facing resources, such as SSL/TLS encryption, access control policies, and web application firewall (WAF) rules. They also support several routing policies, including round-robin, least connections, and IP hash, which allow you to choose how traffic is distributed to your targets. With an ELB, you can scale your internet-facing resources horizontally by adding or removing targets based on traffic patterns. This enables you to handle sudden increases in traffic and improve the performance and availability of your applications. Overall, ELBs provide a reliable and scalable way to make internet-facing resources highly available and secure.

Remediation

When a resource is internet facing via an ELB (Elastic Load Balancer), there are several remediation steps that can be taken to improve security and reduce the risk of potential attacks. Here are some of the steps that you can take:

  1. Enable Encryption: Enable SSL/TLS encryption on the ELB to ensure that all traffic between the client and the resource is encrypted. This can help prevent interception of sensitive data.
  2. Configure Access Control: Configure access control policies to limit who can access the internet-facing resources. You can use security groups to restrict access to specific IP addresses or CIDR ranges.
  3. Implement WAF: Implement a Web Application Firewall (WAF) to protect the resource from common web-based attacks such as SQL injection, cross-site scripting, and cross-site request forgery.
  4. Regularly Update: Regularly update the ELB to ensure that it is running the latest software and security patches. This will help protect against known vulnerabilities.
  5. Monitor Activity: Monitor the activity of the resource and the ELB to detect any unusual behavior. You can set up alerts to notify you of any suspicious activity.
  6. Review Configurations: Regularly review the configurations of the ELB and the resource to ensure that they are aligned with your security policies and best practices.
  7. Enable Logging: Enable logging for the ELB to capture all incoming and outgoing traffic. This can help you detect and respond to any suspicious activity.

By implementing these steps, you can reduce the risk of potential attacks and ensure that your internet-facing resources are secure.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.