Ensure ELBs use SSL listeners

Error: ELBs do not use SSL listeners

Bridgecrew Policy ID: BC_AWS_NETWORKING_36
Severity: MEDIUM

ELBs do not use SSL listeners


Elastic Load Balancers (ELBs) should use listeners that have encrypted protocols, for example, HTTPS. However, it does not necessarily mean that only SSL listeners are available, for example, you can configure an HTTP to HTTPS redirect.

We recommend at least one SSL listener is available. Providing a load balancer that does not serve encrypted traffic presents a security risk for any client connecting to the load balancer.

Fix - Runtime

AWS EC2 Console

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the EC2 Console and select Load Balancers.
  3. Select the load balancer to update, and select the Listeners tab.
  4. For NLB and ALB objects, click Add Listener, or select an existing listener and click Edit, and select a protocol with SSL. For Classic ELBs, click Edit, and add or update existing rows to use a protocol with SSL.