Control: AWS > PCI v3.2.1 > ELBV2 > 1 Application Load Balancer should be configured to redirect all HTTP requests to HTTPS
This control checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancers. The control fails if any of the HTTP listeners of Application Load Balancers do not have HTTP to HTTPS redirection configured.
Before you start to use your Application Load Balancer, you must add one or more listeners. A listener is a process that uses the configured protocol and port to check for connection requests. Listeners support both the HTTP and HTTPS protocols. You can use an HTTPS listener to offload the work of encryption and decryption to your load balancer. To enforce encryption in transit, you should use redirect actions with Application Load Balancers to redirect client HTTP requests to an HTTPS request on port 443.
Remediation
To enable VPC flow logging
- Open the Amazon EC2 console.
- In the navigation pane, under Load Balancing, choose Load balancers.
- Choose an
Application Load Balancer
. - Choose Listeners.
- Select the check box for an HTTP listener (port 80 TCP) and then choose Edit.
- If there is an existing rule, you must delete it. Otherwise, choose Add action and then choose Redirect to....
- Choose
HTTPS
and then enter443
. - Choose the check mark in a circle symbol and then choose Update.
PCI requirement(s): 2.3, 4.1
Resource Types
This control targets the following resource types:
Category
In Your Workspace
Developers
- tmod:@turbot/aws-pciv3-2-1#/control/types/elbApplicationLbRedirectHttpRequestToHttps
- tmod:@turbot/turbot#/control/categories/compliancePci
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-pciv3-2-1#/control/types/elbApplicationLbRedirectHttpRequestToHttps"
Get Controls