Checks whether the access control feature is enabled for all listeners of each Application Load Balancer (ALB) instance. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to configure the access control feature. This feature helps you reduce network exposure and ensures network security in cloud environments.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the access control feature is enabled for all listeners of each ALB instance, the evaluation result is Compliant.
- If the access control feature is disabled for a running listener of an ALB instance, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
- This rule does not apply to ALB instances for which no listeners are configured.
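The evaluation logic above can be reproduced offline against an exported listener inventory, which is useful between the 24-hour evaluations to list exactly which listeners need remediation. This is an added example, not Cloud Config's own implementation: the field names (`alb_id`, `listeners`, `listener_id`, `status`, `acl_enabled`), the `NotApplicable` label and the sample inventory are assumptions, and it assumes that listeners which are not running do not change the result and are only reported.

```python
"""Offline check mirroring the rule's three outcomes (added example)."""

COMPLIANT = "Compliant"
INCOMPLIANT = "Incompliant"
NOT_APPLICABLE = "NotApplicable"  # label chosen here for "rule does not apply"


def evaluate_alb(alb):
    """Return (result, running_without_acl, not_running_without_acl)."""
    listeners = alb.get("listeners") or []
    if not listeners:
        # ALB instances without listeners are outside the rule's scope.
        return NOT_APPLICABLE, [], []
    running, not_running = [], []
    for lsn in listeners:
        if lsn.get("acl_enabled"):
            continue
        # Assumption: only running listeners make the instance Incompliant;
        # the others are reported so they can be fixed before they start.
        bucket = running if lsn.get("status") == "Running" else not_running
        bucket.append(lsn["listener_id"])
    return (INCOMPLIANT if running else COMPLIANT), running, not_running


def evaluate_inventory(inventory):
    """Map each ALB id to its evaluation tuple."""
    return {alb["alb_id"]: evaluate_alb(alb) for alb in inventory}


# Constructed sample inventory (hypothetical ids and field names).
SAMPLE_INVENTORY = [
    {"alb_id": "alb-sample-1", "listeners": [
        {"listener_id": "lsn-a", "status": "Running", "acl_enabled": True},
        {"listener_id": "lsn-b", "status": "Running", "acl_enabled": True}]},
    {"alb_id": "alb-sample-2", "listeners": [
        {"listener_id": "lsn-c", "status": "Running", "acl_enabled": True},
        {"listener_id": "lsn-d", "status": "Running", "acl_enabled": False}]},
    {"alb_id": "alb-sample-3", "listeners": []},
    {"alb_id": "alb-sample-4", "listeners": [
        {"listener_id": "lsn-e", "status": "Stopped", "acl_enabled": False},
        {"listener_id": "lsn-f", "status": "Running", "acl_enabled": True}]},
]

if __name__ == "__main__":
    for alb_id, (result, running, idle) in evaluate_inventory(SAMPLE_INVENTORY).items():
        print(f"{alb_id}: {result} remediate={running} not_running_without_acl={idle}")
```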
Rule details
| Item | Description |
|---|---|
| Rule name | alb-all-listener-enabled-acl |
| Rule identifier | alb-all-listener-enabled-acl |
| Tag | ALB and Listener |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | ALB instance |
| Input parameter | None. |
Incompliance remediation
Enable the access control feature for a running listener of an ALB instance. For more information, see Access control.