🛡️ AWS ELB Load Balancer Access Logging is disabled🟢

Contextual name: 🛡️ Load Balancer Access Logging is disabled🟢
ID: /ce/ca/aws/elb/load-balancer-access-logging
Tags:
- 🟢 Policy with categories
- 🟢 Policy with type
- 🟢 Production policy
Policy Type: COMPLIANCE_POLICY
Policy Categories: RELIABILITY

Logic

🧠 prod.logic.yaml🟢
- 📗 AWS ELB Load Balancer
- 🔌 AWS ELB Load Balancer - object.extracts.yaml
- 🧪 test-data.json

Similar Policies

AWS Security Hub: [ELB.5] Application and Classic Load Balancers logging should be enabled
Cloud Conformity: ELB Access Log

Description

Description

Ensure that access logging is enabled for Application, Network, and Classic Load Balancers. Access logs capture detailed information about requests processed by the load balancer.

Rationale

When access logging is enabled, load balancer logs are delivered to a designated Amazon S3 bucket. These logs record information about each request, including client IP address, request path, response codes, and latency. Access logs are valuable for analyzing traffic patterns, supporting security investigations, implementing protection and compliance controls, and troubleshooting operational issues.

Impact

Enabling access logging may result in additional Amazon S3 storage costs for retaining log files. There is no additional charge for the access logging feature itself.

Audit

This policy flags an AWS ELB load balancer as INCOMPLIANT if the Access Logs Enabled field is false.

Gateway Load Balancers are marked as INAPPLICABLE.

Remediation

Open File

Remediation

Enable Access Logging

Enable access logging for Amazon Elastic Load Balancers to capture detailed request information and store it in Amazon S3 for analysis, auditing, and troubleshooting.

From Command Line

1. Create an Amazon S3 bucket for access logs

Create an S3 bucket to store load balancer access logs:
aws s3api create-bucket \
    --bucket {{access-logs-bucket-name}} \
    --region {{region-name}}
2. Configure the S3 bucket policy

Grant the load balancer permission to write access logs to the S3 bucket. Create a file named access-logging-policy.json and replace all placeholders with your own values:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ELBAccessLoggingPolicy",
      "Effect": "Allow",
      "Principal": {
        "Service": "logdelivery.elasticloadbalancing.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::{{access-logs-bucket-name}}/{{logging-prefix}}/AWSLogs/{{account-id}}/*"
    }
  ]
}
Attach the policy to the S3 bucket:

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.5] Application and Classic Load Balancers logging should be enabled			1	no data
💼 AWS Well-Architected → 💼 SEC04-BP02 Capture logs, findings, and metrics in standardized locations			3	no data
💼 Cloudaware Framework → 💼 Logging and Monitoring Configuration			75	no data
💼 FedRAMP High Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			26	no data
💼 FedRAMP High Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)	1		37	no data
💼 FedRAMP High Security Controls → 💼 AU-6(3) Correlate Audit Record Repositories (M)(H)			16	no data
💼 FedRAMP High Security Controls → 💼 AU-6(4) Central Review and Analysis (H)			16	no data
💼 FedRAMP High Security Controls → 💼 AU-10 Non-repudiation (H)			15	no data
💼 FedRAMP High Security Controls → 💼 AU-12 Audit Record Generation (L)(M)(H)	2		73	no data
💼 FedRAMP High Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		27	no data
💼 FedRAMP Low Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			26	no data
💼 FedRAMP Low Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)			23	no data
💼 FedRAMP Low Security Controls → 💼 AU-12 Audit Record Generation (L)(M)(H)			73	no data
💼 FedRAMP Low Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	1		27	no data
💼 FedRAMP Moderate Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			26	no data
💼 FedRAMP Moderate Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)	1		37	no data
💼 FedRAMP Moderate Security Controls → 💼 AU-6(3) Correlate Audit Record Repositories (M)(H)			16	no data
💼 FedRAMP Moderate Security Controls → 💼 AU-12 Audit Record Generation (L)(M)(H)			73	no data
💼 FedRAMP Moderate Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		27	no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities			50	no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources			65	no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events			180	no data
💼 NIST CSF v2.0 → 💼 DE.CM-02: The physical environment is monitored to find potentially adverse events			27	no data
💼 NIST CSF v2.0 → 💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events			100	no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events			50	no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events			181	no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			45	no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			59	no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			60	no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded			46	no data
💼 NIST CSF v2.0 → 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked			49	no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(26) Information Flow Enforcement _ Audit Filtering Actions			17	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-2 Event Logging	4		26	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-3 Content of Audit Records	3	13	37	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories			16	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis			16	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-10 Non-repudiation	5		15	no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation	4	47	73	no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		27	no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic			34	no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(8) Software, Firmware, and Information Integrity _ Auditing Capability for Significant Events			16	no data

Logic​

Similar Policies​

Description​

Description​

Rationale​

Impact​

Audit​

Remediation​

Remediation​

Enable Access Logging​

From Command Line​

1. Create an Amazon S3 bucket for access logs​

2. Configure the S3 bucket policy​

policy.yaml​

Linked Framework Sections​

Logic

Similar Policies

Description

Description

Rationale

Impact

Audit

Remediation

Remediation

Enable Access Logging

From Command Line

1. Create an Amazon S3 bucket for access logs

2. Configure the S3 bucket policy

policy.yaml

Linked Framework Sections