Load balancer endpoint does not enforce HTTPS Affecting ELB service in AWS

Severity Framework Snyk CCSS

Rule category Keys and Secrets / Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM GDPR HIPAA ISO-27001 NIST-800-53 PCI-DSS SOC-2

Snyk ID SNYK-CC-00311
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

The content could be intercepted and manipulated in transit.

How to fix?

Set the load balancer listener protocol attribute to HTTPS or TLS.

Example Configuration

resource "aws_lb_listener" "https" {
  load_balancer_arn = "arn:aws:iam::123456789012:lb"
  port              = "443"
  protocol          = "HTTPS"

  default_action {
    type = "forward"
  }
}

Terraform

Resource: aws_lb_listener

References

Listeners for your Application Load Balancers