CCSS (Common Configuration Scoring System) is the scoring scheme used to rate the severity of a rule.
Each rule is also assigned a high-level category, for example IAM, Container, Monitoring, Logging or Network.
An internet-facing load balancer is reachable from any address on the internet, so every listener it exposes (and every backend target behind it) becomes directly reachable by an attacker. Unless the service genuinely needs public ingress, set the load balancer's internal attribute to true: the load balancer then receives only private IP addresses and can be reached only from inside the VPC or over a VPN, Direct Connect or peering link. Note that internal is a create-time setting on both aws_elb and aws_lb; changing it forces Terraform to replace the load balancer, which also changes its DNS name.
# aws_elb example (Classic Load Balancer)
resource "aws_elb" "example" {
  name    = "terraform-elb"
  subnets = ["subnet-id"]
  # Private, VPC-only load balancer; can only be set when the ELB is created
  internal = true

  access_logs {
    bucket        = "example"
    bucket_prefix = "example"
    interval      = 60
  }

  listener {
    instance_port     = 8000
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:8000/"
    interval            = 30
  }

  instances                   = ["id-yyyyyy"]
  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags = {
    Name = "terraform-elb"
  }
}
# aws_lb example (Application Load Balancer)
resource "aws_lb" "example" {
  name = "test-lb-tf"
  # Private, VPC-only load balancer; changing this later replaces the resource
  internal           = true
  load_balancer_type = "application"
  security_groups    = ["id-xxxxx"]
  subnets            = ["id-xxxxxx"]

  enable_deletion_protection = true

  access_logs {
    bucket  = "test"
    prefix  = "test-lb"
    enabled = true
  }

  tags = {
    Environment = "production"
  }
}
For CloudFormation (AWS::ElasticLoadBalancing::LoadBalancer and AWS::ElasticLoadBalancingV2::LoadBalancer), set the Properties.Scheme attribute to internal. When Scheme is omitted AWS defaults it to internet-facing, so an absent attribute is as exposed as an explicit internet-facing one.
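The check behind this rule, for both the Terraform remediation above and the CloudFormation one, can be expressed as a small static scan. The following is an added example written for this page, not the scanner's own rule implementation. It assumes CloudFormation templates in JSON form and Terraform in its JSON syntax (.tf.json) so that no HCL or YAML parser is needed, and it treats an omitted attribute as internet-facing (the AWS and provider defaults) and a non-literal value (a CloudFormation Ref or a Terraform "${...}" expression) as unresolved and in need of review rather than silently passing it. The sample templates are constructed for the example.

```python
"""Flag load balancers that are not provably internal.

Added example for this rule page; not the scanner's own code.
Assumes CloudFormation as JSON and Terraform in .tf.json form.
"""
import json

# CloudFormation types covered by the rule. AWS defaults Scheme to
# "internet-facing" on both when the property is omitted.
CFN_LB_TYPES = {
    "AWS::ElasticLoadBalancing::LoadBalancer",
    "AWS::ElasticLoadBalancingV2::LoadBalancer",
}
# Terraform types covered by the rule (aws_alb is an alias of aws_lb).
# The provider defaults `internal` to false on all of them.
TF_LB_TYPES = {"aws_elb", "aws_lb", "aws_alb"}


def check_cloudformation(template):
    """Return (logical_id, reason) for every load balancer whose
    Properties.Scheme is not the literal string "internal"."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in CFN_LB_TYPES:
            continue
        scheme = res.get("Properties", {}).get("Scheme")
        if scheme is None:
            findings.append((logical_id, "Scheme omitted; AWS defaults it to internet-facing"))
        elif not isinstance(scheme, str):
            # Ref / Fn::* intrinsic: cannot be judged statically, surface it for review
            findings.append((logical_id, "Scheme is an intrinsic function; resolve it before accepting"))
        elif scheme != "internal":
            findings.append((logical_id, f"Scheme is {scheme!r}"))
    return findings


def check_terraform_json(doc):
    """Return (address, reason) for every aws_elb/aws_lb whose `internal`
    attribute is not the literal boolean true."""
    findings = []
    for rtype, instances in doc.get("resource", {}).items():
        if rtype not in TF_LB_TYPES:
            continue
        for name, body in instances.items():
            address = f"{rtype}.{name}"
            internal = body.get("internal")
            if internal is None:
                findings.append((address, "internal omitted; provider default is false"))
            elif isinstance(internal, str):
                # "${var.x}" style expression in .tf.json: not decidable here
                findings.append((address, f"internal is an expression ({internal}); resolve it before accepting"))
            elif internal is not True:
                findings.append((address, f"internal = {json.dumps(internal)}"))
    return findings


# Constructed sample inputs (not real templates).
SAMPLE_CFN_TEMPLATE = {
    "Resources": {
        "PublicAlb": {
            "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties": {"Scheme": "internet-facing", "Subnets": ["subnet-a"]},
        },
        "PrivateAlb": {
            "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties": {"Scheme": "internal", "Subnets": ["subnet-a"]},
        },
        "ClassicElb": {  # Scheme omitted -> internet-facing by default
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {"Listeners": [{"LoadBalancerPort": "80", "InstancePort": "8000", "Protocol": "HTTP"}]},
        },
        "ParamAlb": {  # Scheme comes from a parameter -> needs review
            "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties": {"Scheme": {"Ref": "LbScheme"}, "Subnets": ["subnet-a"]},
        },
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
}

SAMPLE_TF_JSON = {
    "resource": {
        "aws_lb": {"example": {"name": "test-lb-tf", "internal": True, "load_balancer_type": "application"}},
        "aws_elb": {"legacy": {"name": "terraform-elb", "subnets": ["subnet-id"]}},  # internal omitted
    }
}


if __name__ == "__main__":
    for origin, findings in (("CloudFormation", check_cloudformation(SAMPLE_CFN_TEMPLATE)),
                             ("Terraform", check_terraform_json(SAMPLE_TF_JSON))):
        for address, reason in findings:
            print(f"[{origin}] {address}: {reason}")
```

Run as a script it reports PublicAlb, ClassicElb and ParamAlb from the CloudFormation sample and aws_elb.legacy from the Terraform sample; PrivateAlb and aws_lb.example pass. The unresolved cases are reported deliberately: a scanner that skips a Ref or a variable expression would let a parameterised "internet-facing" through.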