Ensure Elastic Load Balancers use SSL certificates provided by AWS Certificate Manager

Error: Elastic load balancers do not use SSL Certificates provided by AWS Certificate Manager

Bridgecrew Policy ID: BC_AWS_GENERAL_67
Checkov Check ID: CKV_AWS_127
Severity: HIGH

Description

SSL helps protect your data from unauthorized access or tampering by encrypting the data that is streamed via your ELB. By enabling SSL, you can help ensure that only authorized users with the correct keys can access and decrypt the data, and that the data is protected while in transit.

Fix - Buildtime

Terraform

  • Resource: aws_elb
  • Argument: ssl_certificate_id
resource "aws_elb" "test" {
  ...
  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
+   ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }           
}
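
Review bot: the value on the added ssl_certificate_id line, "arn:aws:iam::123456789012:server-certificate/certName", is an IAM server certificate ARN, not an AWS Certificate Manager one, so the example does not match what the policy title asks for. ACM certificate ARNs begin with "arn:aws:acm:"; suggest setting ssl_certificate_id to the ARN of an ACM certificate, for example by referencing the arn attribute of an aws_acm_certificate resource instead of a hard-coded string.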