Ensure AWS Load Balancers use strong ciphers
Description
This policy checks whether AWS Load Balancer listeners negotiate strong ciphers for client connections. It verifies that the listener protocol is HTTPS (Application Load Balancer) or TLS (Network Load Balancer) and that the attached ssl_policy restricts negotiation to strong protocol versions and cipher suites. A listener that serves plaintext HTTP, or an HTTPS/TLS listener whose policy still accepts TLS 1.0/1.1 and legacy cipher suites, exposes traffic between clients and the load balancer to eavesdropping, protocol downgrade and man-in-the-middle attacks. The policy is set per listener, not per load balancer, so every HTTPS or TLS listener must be checked; this rule inspects only aws_lb_listener and aws_alb_listener resources.
Code Example
```terraform
resource "aws_lb_listener" "example" {
  # Other required listener arguments (load_balancer_arn, port,
  # certificate_arn, default_action) are omitted here for brevity.
  protocol   = "HTTPS"                               # "HTTPS" for an ALB, "TLS" for an NLB
  ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"   # negotiates TLS 1.2 only
}
```
Remediation
Set ssl_policy on every HTTPS or TLS listener to a predefined policy that negotiates only TLS 1.2 or later, such as ELBSecurityPolicy-TLS-1-2-2017-01 or ELBSecurityPolicy-TLS-1-2-Ext-2018-06, and make sure protocol is HTTPS or TLS rather than HTTP or TCP. The older policies (ELBSecurityPolicy-2016-08, which AWS applies to an ALB HTTPS listener when no policy is chosen, and the 2015 policies) still accept TLS 1.0 and 1.1 and should be replaced. Before tightening the policy, confirm that all clients of the load balancer support TLS 1.2; clients that do not will fail the handshake rather than negotiate down.
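As an added, worked illustration (not code from the original policy page), the following Terraform places two listeners that fail this rule next to two that satisfy it, so the difference is visible in one file. The aws_lb, aws_acm_certificate and aws_lb_target_group resources it references are assumed to be defined elsewhere in the configuration.

```terraform
# Added example, not part of the original page. Referenced resources
# (aws_lb.app, aws_lb.net, aws_acm_certificate.app, target groups) are assumed.

# NON-COMPLIANT: plaintext HTTP listener forwarding application traffic.
resource "aws_lb_listener" "bad_http" {
  load_balancer_arn = aws_lb.app.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# NON-COMPLIANT: HTTPS, but with a policy that still negotiates TLS 1.0 and 1.1.
# ELBSecurityPolicy-2016-08 is the AWS default for an ALB HTTPS listener.
resource "aws_lb_listener" "bad_https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = aws_acm_certificate.app.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# COMPLIANT: ALB HTTPS listener restricted to TLS 1.2 cipher suites.
resource "aws_lb_listener" "good_https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
  certificate_arn   = aws_acm_certificate.app.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# COMPLIANT: Network Load Balancer TLS listener with a TLS 1.2-only policy.
# NLBs terminate TLS with protocol = "TLS" and use the same policy names.
resource "aws_lb_listener" "good_nlb_tls" {
  load_balancer_arn = aws_lb.net.arn
  port              = 443
  protocol          = "TLS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
  certificate_arn   = aws_acm_certificate.app.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.net.arn
  }
}
```

Running checkov -d . --check CKV2_AWS_74 against a directory containing this file should report the two bad_* listeners as failed and the two good_* listeners as passed; if your scanner uses the framework ID IAC-0507 instead, substitute that identifier.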
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0507 |
| Severity | HIGH |
| IaC Type | Terraform |
| Resource Types | aws_alb_listener, aws_lb_listener |
| Checkov ID | CKV2_AWS_74 |