Description:

Elastic Load Balancing (ELB) automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. It monitors the health of its registered targets and routes traffic only to the healthy targets. Elastic Load Balancing scales your load balancer as your incoming traffic changes over time and can automatically scale to the vast majority of workloads.


Rationale:

Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.


Impact:

Enabling ELB access logs lets you analyze traffic patterns and troubleshoot issues.


Default Value:

Access logging is an optional feature of Elastic Load Balancing that is disabled by default.


Audit:

  1. Sign in to the AWS console.

  2. Go to the EC2 Dashboard: https://console.aws.amazon.com/ec2/

  3. Click Load Balancers in the navigation pane.

  4. Select the load balancer whose logging configuration you want to check.

  5. Go to the Attributes section of the Description tab and check whether Access logging is enabled or disabled.


Remediation:

Pre-requisites:

To store the logs generated by ELB, you need an S3 bucket that resides in the same region as the load balancer.


Implementation:

  1. Sign in to the AWS console.

  2. Go to the EC2 Dashboard: https://console.aws.amazon.com/ec2/

  3. Click Load Balancers in the navigation pane.

  4. Select the load balancer for which you want to enable logging.

  5. Go to the Attributes section of the Description tab and click Edit Attributes.

  6. Check the Enable checkbox for Access logging.
    • For S3 location, enter the name of your S3 bucket, including any prefix (for example, my-loadbalancer-logs/my-app). You can specify the name of an existing bucket or a name for a new bucket. If you specify an existing bucket, be sure that you own this bucket and that you have configured the required bucket policy.

    • (Optional) If the bucket does not exist, choose Create this location for me. You must specify a name that is unique across all existing bucket names in Amazon S3 and follows the DNS naming conventions.

  7. Click Save.
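
As an added example (not part of this benchmark text), the following Python script applies the Audit check to the JSON returned by `aws elbv2 describe-load-balancer-attributes` and builds the CLI equivalent of the console Implementation steps. It assumes an Application or Network Load Balancer (the `elbv2` API and its `access_logs.s3.*` attribute keys); the attribute list and the ARN are constructed placeholders.

```python
import json

# Constructed sample of `aws elbv2 describe-load-balancer-attributes` output
# (not captured from a real account): access logging is off on this load balancer.
SAMPLE_OUTPUT = json.dumps({
    "Attributes": [
        {"Key": "access_logs.s3.enabled", "Value": "false"},
        {"Key": "access_logs.s3.bucket", "Value": ""},
        {"Key": "access_logs.s3.prefix", "Value": ""},
        {"Key": "deletion_protection.enabled", "Value": "true"},
    ]
})

def parse_attributes(cli_output: str) -> dict:
    """Flatten the CLI's Attributes list into a {Key: Value} dict."""
    data = json.loads(cli_output)
    return {a["Key"]: a["Value"] for a in data.get("Attributes", [])}

def audit_access_logging(attrs: dict) -> dict:
    """Audit finding: compliant only when logging is enabled AND a destination
    bucket is set (an enabled flag with an empty bucket writes no logs)."""
    enabled = attrs.get("access_logs.s3.enabled", "false").lower() == "true"
    bucket = attrs.get("access_logs.s3.bucket", "")
    if not enabled:
        reason = "access_logs.s3.enabled is false"
    elif not bucket:
        reason = "access logging enabled but no S3 bucket configured"
    else:
        reason = "ok"
    return {"compliant": enabled and bool(bucket), "bucket": bucket,
            "prefix": attrs.get("access_logs.s3.prefix", ""), "reason": reason}

def remediation_command(lb_arn: str, bucket: str, prefix: str = "") -> str:
    """Build the CLI call matching the console steps. The bucket must exist in
    the load balancer's region with the required bucket policy (not checked here)."""
    attrs = ["Key=access_logs.s3.enabled,Value=true",
             f"Key=access_logs.s3.bucket,Value={bucket}"]
    if prefix:
        attrs.append(f"Key=access_logs.s3.prefix,Value={prefix}")
    return ("aws elbv2 modify-load-balancer-attributes "
            f"--load-balancer-arn {lb_arn} --attributes " + " ".join(attrs))

if __name__ == "__main__":
    finding = audit_access_logging(parse_attributes(SAMPLE_OUTPUT))
    print(finding)
    if not finding["compliant"]:  # placeholder ARN; substitute the real one
        print(remediation_command("arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/app/PLACEHOLDER",
                                  "my-loadbalancer-logs", "my-app"))
```

To audit a real account, pipe the CLI output into `parse_attributes` for each load balancer returned by `aws elbv2 describe-load-balancers`.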


Backout Plan:

To disable access logs for the ELB:

  1. Sign in to the AWS console.

  2. Go to the EC2 Dashboard: https://console.aws.amazon.com/ec2/

  3. Click Load Balancers in the navigation pane.

  4. Select the load balancer for which you want to disable logging.

  5. Go to the Attributes section of the Description tab and click Edit Attributes.

  6. Uncheck the Enable checkbox for Access logging and click Save.


References:

Access logs for your Application Load Balancer - Elastic Load Balancing