Control: 1 Application Load Balancer should be configured to redirect all HTTP requests to HTTPS
This control checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancers. The control fails if any of the HTTP listeners of Application Load Balancers do not have HTTP to HTTPS redirection configured.
Before you start to use your Application Load Balancer, you must add one or more listeners. A listener is a process that uses the configured protocol and port to check for connection requests. Listeners support both the HTTP and HTTPS protocols. You can use an HTTPS listener to offload the work of encryption and decryption to your load balancer. To enforce encryption in transit, you should use redirect actions with Application Load Balancers to redirect client HTTP requests to an HTTPS request on port 443.
To enable VPC flow logging
- Open the Amazon EC2 console.
- In the navigation pane, under Load Balancing, choose Load balancers.
- Choose an
Application Load Balancer.
- Choose Listeners.
- Select the check box for an HTTP listener (port 80 TCP) and then choose Edit.
- If there is an existing rule, you must delete it. Otherwise, choose Add action and then choose Redirect to....
HTTPSand then enter
- Choose the check mark in a circle symbol and then choose Update.
steampipe check aws_compliance.control.foundational_security_elbv2_1
This control uses a named query:elb_application_lb_redirect_http_request_to_https