Aqua CSPM

ELBv2 Logging Enabled

Quick Info

Plugin Title: ELBv2 Logging Enabled
Cloud: AWS
Category: ELBv2
Description: Ensures load balancers have request logging enabled.
More Info: Logging requests to ELB endpoints is a helpful way of detecting and investigating potential attacks, malicious activity, or misuse of backend resources. Logs can be sent to S3 and processed for further analysis.
AWS Link: http://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
Recommended Action: Enable ELB request logging

Detailed Remediation Steps

  1. Log in to the AWS Management Console.
  2. Select the “Services” option and search for EC2.
  3. In the “EC2 Dashboard”, scroll down to “Load Balancers” and click it to open the “Load Balancers” dashboard.
  4. Select the “Load Balancer” which needs to be verified.
  5. On the “Load Balancers” page, scroll down and check under “Attributes” whether “Access logs” is enabled or disabled.
  6. Repeat steps 2 - 5 to check other load balancers in the account.
  7. Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
  8. On the “EC2” dashboard, scroll down and select the “Load balancers” option from the left navigation panel and select the “Load balancer” in which “Access logs” needs to be enabled.
  9. On the Description tab, choose Edit attributes.
  10. For Access logs, select “Enable” and for S3 location, enter the name of your S3 bucket, including any prefix. If the bucket does not exist, choose Create this location for me. You must specify a name that is unique across all existing bucket names in Amazon S3 and follows the DNS naming conventions. Click on the Save button to make the changes.
  11. Repeat steps 7 - 10 to enable ELB request logging.
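
The check in steps 1 - 6 and the change in steps 7 - 10 can also be expressed against the ELBv2 API, which reports access logging through the `access_logs.s3.*` load balancer attributes. The following is an added example, not Aqua's plugin code; the ARNs and bucket name are constructed placeholders, and `scan_account` assumes boto3 and AWS credentials are available.

```python
ENABLED_KEY = "access_logs.s3.enabled"
BUCKET_KEY = "access_logs.s3.bucket"
PREFIX_KEY = "access_logs.s3.prefix"


def evaluate(arn, attributes):
    """Classify one load balancer from its Attributes list (Key/Value pairs)."""
    attrs = {a["Key"]: a["Value"] for a in attributes}
    if ENABLED_KEY not in attrs:
        # The attribute was not returned for this load balancer: report, don't guess.
        return {"arn": arn, "status": "UNKNOWN", "detail": "no access log attribute returned"}
    if attrs[ENABLED_KEY].lower() != "true":
        return {"arn": arn, "status": "FAIL", "detail": "access logs disabled"}
    return {"arn": arn, "status": "PASS", "detail": "logging to s3://" + attrs.get(BUCKET_KEY, "")}


def remediation_attributes(bucket, prefix=""):
    """Attributes list to pass to elbv2 modify_load_balancer_attributes (step 10)."""
    attrs = [{"Key": ENABLED_KEY, "Value": "true"}, {"Key": BUCKET_KEY, "Value": bucket}]
    if prefix:
        attrs.append({"Key": PREFIX_KEY, "Value": prefix})
    return attrs


def scan_account(region):
    """Live scan of every load balancer in a region; not called by default."""
    import boto3  # imported here so the offline sample below runs without it
    elb = boto3.client("elbv2", region_name=region)
    results = []
    for page in elb.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            arn = lb["LoadBalancerArn"]
            resp = elb.describe_load_balancer_attributes(LoadBalancerArn=arn)
            results.append(evaluate(arn, resp["Attributes"]))
    return results


# Constructed sample attribute responses (placeholder ARNs, not real resources).
SAMPLE = {
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/EXAMPLE1":
        [{"Key": ENABLED_KEY, "Value": "false"}, {"Key": BUCKET_KEY, "Value": ""}],
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/api/EXAMPLE2":
        [{"Key": ENABLED_KEY, "Value": "true"}, {"Key": BUCKET_KEY, "Value": "example-log-bucket"}],
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/gwy/fw/EXAMPLE3":
        [{"Key": "deletion_protection.enabled", "Value": "false"}],
}

if __name__ == "__main__":
    for arn, attributes in SAMPLE.items():
        print(evaluate(arn, attributes))
```

For a load balancer reported as FAIL, the list returned by `remediation_attributes` is what `modify_load_balancer_attributes` expects in its `Attributes` parameter; the S3 bucket must already allow Elastic Load Balancing to write to it.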