AWS Config Rule: ELB ACM SSL Certificate Required

ELB_ACM_CERTIFICATE_REQUIRED

Fernando Honig

Last Update 10 months ago

Description: Checks if the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager. To use this rule, use an SSL or HTTPS listener with your Classic Load Balancer. This rule is only applicable to Classic Load Balancers. This rule does not check Application Load Balancers and Network Load Balancers.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except the Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), Europe (Spain) and Europe (Zurich) Regions


How to Resolve Manually

To resolve this manually, make sure the SSL or HTTPS listener on the Classic Load Balancer in question uses a certificate from AWS Certificate Manager (ACM). While you do have the option to upload a certificate to IAM and choose one from there, it is recommended to use one from ACM because you can offload the certificate renewal to ACM.
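
To find which existing listeners need changing, the check this rule describes can be reproduced against the `LoadBalancerDescriptions` list returned by the Classic ELB `DescribeLoadBalancers` API. This is an added example, not StackZone or AWS code; the load balancer names, account ID and certificate IDs are constructed placeholders, and treating load balancers without an SSL or HTTPS listener as out of scope is an assumption.

```python
"""Added example: flag Classic Load Balancer SSL/HTTPS listeners whose
certificate does not come from AWS Certificate Manager (ACM)."""

SECURE_PROTOCOLS = {"HTTPS", "SSL"}


def is_acm_certificate(arn):
    """True for arn:<partition>:acm:<region>:<account>:certificate/<id>."""
    parts = (arn or "").split(":", 5)
    return (len(parts) == 6 and parts[0] == "arn" and parts[2] == "acm"
            and parts[5].startswith("certificate/"))


def non_acm_listeners(descriptions):
    """Return (lb_name, port, cert_arn) for each SSL/HTTPS listener without an ACM cert.

    Load balancers that only have HTTP/TCP listeners produce no findings
    (assumption: they are out of scope, since the rule needs an SSL or HTTPS listener).
    """
    findings = []
    for lb in descriptions:
        for item in lb.get("ListenerDescriptions", []):
            listener = item["Listener"]
            if listener["Protocol"].upper() not in SECURE_PROTOCOLS:
                continue
            cert = listener.get("SSLCertificateId")
            if not is_acm_certificate(cert):
                findings.append((lb["LoadBalancerName"], listener["LoadBalancerPort"], cert))
    return findings


# Constructed sample data (placeholder names, account ID and certificate IDs).
SAMPLE = [
    {"LoadBalancerName": "web-clb", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "SSLCertificateId": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE-ID"}},
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}}]},
    {"LoadBalancerName": "legacy-clb", "ListenerDescriptions": [
        {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 8443,
                      "SSLCertificateId": "arn:aws:iam::111122223333:server-certificate/legacy-cert"}}]},
]

if __name__ == "__main__":
    # For live data (needs boto3 and credentials), replace SAMPLE with one page of:
    #   boto3.client("elb").describe_load_balancers()["LoadBalancerDescriptions"]
    for name, port, cert in non_acm_listeners(SAMPLE):
        print(f"NON_COMPLIANT {name}:{port} uses {cert}")
```

A listener reported here can be pointed at an ACM certificate with `aws elb set-load-balancer-listener-ssl-certificate`, passing the load balancer name, the listener port and the ACM certificate ARN.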


When constructing a new CLB, you have the option to configure the above in Step 3: Configure Security Settings.


Please see below for an example of how to choose the correct configuration, provided you have a certificate ready to go. It is also useful that you can request a new certificate from ACM from this page.

