Risk Level: Medium
Description:
This plugin guarantees that request logging is enabled on load balancers. Request logging to ELB endpoints is a useful tool for identifying and investigating possible attacks, malicious activities, and backend resource usage. Logs may be forwarded to S3 and analysed further there.
PingSafe strongly recommends enabling ELB request logging.
About the Service :
The Amazon ECS service may be configured to employ Elastic Load Balancing to uniformly distribute traffic among your service's jobs. The transport layer (TCP/SSL) or the application layer (HTTP/HTTPS) are where a Classic Load Balancer makes routing choices. A fixed relationship between the load balancer port and the container instance port is presently required by traditional load balancers.
Impact :
When you enable the request logging capability, your ELB will be able to record and preserve information about every TCP and HTTP request made for your backend instances. For security audits and troubleshooting sessions, access logging data may be incredibly beneficial.
Steps to reproduce :
- Login to your AWS Management Console.
- Navigate to the EC2 console.
https://ap-south-1.console.aws.amazon.com/ec2/ - Click on Load Balancers under Load Balancing.
- Select your load balancer and then navigate to the Description tab, check if the Access Logs status is enabled.
- Repeat steps for other load balancers as well.
Steps for remediation :
- Login to your AWS Management Console.
- Navigate to the EC2 console.
https://ap-south-1.console.aws.amazon.com/ec2/ - Click on Load Balancers under Load Balancing.
- Select your load balancer and then navigate to the Description tab, check if the Access Logs status is enabled.
- Click on the Edit button adjacent to the Access Logs, click on enable and Save.
- Repeat steps for other load balancers as well.
References: