ALB Listening on HTTP
- Query id: f81d63d2-c5d7-43a4-a5b5-66717a41c895
- Query name: ALB Listening on HTTP
- Platform: Ansible
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description¶
AWS Application Load Balancer (alb) should not listen on HTTP
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: my_elb_application
community.aws.elb_application_lb:
name: myelb
security_groups:
- sg-12345678
- my-sec-group
subnets:
- subnet-012345678
- subnet-abcdef000
listeners:
- Protocol: HTTP
Port: 80
SslPolicy: ELBSecurityPolicy-2015-05
Certificates:
- CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com
DefaultActions:
- Type: forward
TargetGroupName: targetname
state: present
- name: my_elb_application2
community.aws.elb_application_lb:
name: myelb2
security_groups:
- sg-12345678
- my-sec-group
subnets:
- subnet-012345678
- subnet-abcdef000
listeners:
Port: 80
SslPolicy: ELBSecurityPolicy-2015-05
Certificates:
- CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com
DefaultActions:
- Type: forward
TargetGroupName: targetname
state: present
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: my_elb_application
community.aws.elb_application_lb:
name: myelb
security_groups:
- sg-12345678
- my-sec-group
subnets:
- subnet-012345678
- subnet-abcdef000
listeners:
- Protocol: HTTPS
Port: 80
SslPolicy: ELBSecurityPolicy-2015-05
Certificates:
- CertificateArn: arn:aws:iam::12345678987:server-certificate/test.domain.com
DefaultActions:
- Type: forward
TargetGroupName: targetname
state: present
# trigger validation