- AWS Audit
- ELB Audit
Checks performed
- ELB Should Accept HTTPS Connections Only
- ELB Should Have Logging Enabled
- ELB Should Have WAF Enabled
- ELBs Should Not Have Insecure Ciphers
- ELBs Should Have Deletion Protection Flag Enabled
- ELBs Should Use Secure Listeners Only
- ELBs Should Have Cross Zone Enabled
- ELBs Should Drop Invalid HTTP Header
- Minimum Number of EC2 Instances Should Be Configured For ELBs
- No Classic ELB Should Be In Use
- Secure Listeners Should Be In App-tier ELBs
- Latest AWS Security Policy for SSL Negotiations Should Be Used For App-Tier ELBs
- Right Health Check Configurations Should Be Used For App-Tier ELBs
- ELBs Should Have Connection Draining Enabled
- ELBs Should Be Evenly Distributed over AZs
- ELB Security Layer Should Have At Least One Valid Security Group
- ELBs Must Use Latest AWS Security Policies
- No Idle ELBs Should Be Present
- Internet Facing ELBs Should Be Regularly Reviewed
- No Unused ELBs Should Be Present
- Secure Listeners in Web-tier ELBs
- Latest AWS Security Policy for SSL Negotiations Should Be Used For Web-Tier ELBs
- Right Health Check Configurations Should Be Used For Web-Tier ELBs
- ELBs Should Not Have Insecure Configurations
- ALBs Should Not Have Insecure Configurations
- ALBs Should Have Latest SSL/TLS Configurations
- NLBs Should Not Have Insecure Configurations
- NLBs Should Have Latest SSL/TLS Configurations