Aqua CSPM

ELBv2 HTTPS Only

Quick Info

Plugin TitleELBv2 HTTPS Only
CloudAWS
CategoryELBv2
DescriptionEnsures ELBs are configured to only accept connections on HTTPS ports.
More InfoFor maximum security, ELBs can be configured to only accept HTTPS connections. Standard HTTP connections will be blocked. This should only be done if the client application is configured to query HTTPS directly and not rely on a redirect from HTTP.
AWS Linkhttp://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-options.html
Recommended ActionRemove non-HTTPS listeners from load balancer.

Detailed Remediation Steps