AWS Elastic Load Balancer (Classic) with access log disabled
Description
ELB access logs can be used to analyze traffic patterns and troubleshoot security and operational issues. Access logging is an optional feature of ELB that is disabled by default.
Code Example
resource "aws_elb" "example" {
...
name = "test-lb-tf"
+ access_logs {
+ bucket = aws_s3_bucket.lb_logs.bucket
+ enabled = true
+ }
}
Remediation
Terraform
- Resource: aws_elb
- Arguments: access_logs
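
The same condition can be checked against a Terraform plan before apply. The following is an added example, not part of the original rule page and not Checkov's implementation; it reads JSON in the shape produced by `terraform show -json`, and the sample plan, resource names and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output (not a real plan).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_elb.logged", "type": "aws_elb",
     "values": {"name": "test-lb-tf",
                "access_logs": [{"bucket": "lb-logs", "enabled": true}]}},
    {"address": "aws_elb.no_block", "type": "aws_elb",
     "values": {"name": "a", "access_logs": []}},
    {"address": "aws_elb.switched_off", "type": "aws_elb",
     "values": {"name": "b",
                "access_logs": [{"bucket": "lb-logs", "enabled": false}]}}
  ],
  "child_modules": [{"address": "module.edge", "resources": [
    {"address": "module.edge.aws_elb.inner", "type": "aws_elb",
     "values": {"name": "c"}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def access_logs_enabled(values):
    """True only if an access_logs block is present and not switched off."""
    blocks = values.get("access_logs") or []
    # The AWS provider documents `enabled` as defaulting to true, so only an
    # explicit false (or a missing block) counts as logging disabled.
    return any(b.get("enabled", True) is not False for b in blocks)


def elbs_without_access_logs(plan):
    """Return addresses of Classic ELBs planned without access logging."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(r["address"] for r in iter_resources(root)
                  if r.get("type") == "aws_elb"
                  and not access_logs_enabled(r.get("values", {})))


if __name__ == "__main__":
    for address in elbs_without_access_logs(SAMPLE_PLAN):
        print(f"FAIL {address}: access_logs missing or disabled")
```

Note that an `access_logs` block with `enabled = false` fails the check just like a missing block, and load balancers declared inside child modules are covered by the recursive walk.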
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0145 |
| Severity | INFO |
| IaC Type | CloudFormation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_92 |