Load Balancers

A collection of AWS Security controls for AWS Load Balancers. Controls include configuration to create Application Load Balancers (ALB) and Network Load Balancers (NLB). Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.

Load Balancer

Configuration to create an Application Load Balancer (ALB), target groups and listeners in an AWS VPC to load balance incoming traffic to targets such as EC2 instances or Lambda functions. The ALB also includes health checks to verify the state of the targets before forwarding traffic.

Configuration to create a Network Load Balancer (NLB), target groups and listeners in an AWS VPC to load balance incoming traffic to targets such as EC2 instances or ALBs. The NLB also includes health checks to verify the state of the targets before forwarding traffic.

Auto Scaling Group

Configuration for an Auto Scaling Group which creates a logical grouping of EC2 instances, and enables you to use features such as health check replacements and scaling policies. Auto scaling groups also maintain the number of EC2 instances within the defined limits.

Config Rule

Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager. To use this rule, use an SSL or HTTPS listener with your Classic Load Balancer. This rule is only applicable to Classic Load Balancers. This rule does not check Application Load Balancers and Network Load Balancers.

Checks whether your Classic Load Balancer SSL listeners are using a custom policy. The rule is only applicable if there are SSL listeners for the Classic Load Balancer.

Checks whether your Classic Load Balancer SSL listeners are using a predefined policy. The rule is only applicable if there are SSL listeners for the Classic Load Balancer.

A Config rule that checks whether the Application Load Balancers and the Classic Load Balancers have logging enabled. The rule is NON_COMPLIANT if the access_logs.s3.enabled is true and access_logs.S3.bucket is equal to the s3BucketName that you provided.

A Config rule that checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners. The rule is applicable if a Classic Load Balancer has listeners.

A Config rule that checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs). This rule is NON_COMPLIANT if cross-zone load balancing is not enabled for a CLB.

A Config rule that checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.

A Config rule that checks whether Elastic Load Balancing has deletion protection enabled. The rule is NON_COMPLIANT if deletion_protection.enabled is false.

A Config rule that checks if Application Load Balancers and Network Load Balancers have listeners that are configured to use certificates from AWS Certificate Manager (ACM). This rule is NON_COMPLIANT if at least 1 load balancer has at least 1 listener that is configured without a certificate from ACM or is configured with a certificate different from an ACM certificate.

A Config rule that checks if an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) has registered instances from multiple Availability Zones (AZs). The rule is NON_COMPLIANT if an Elastic Load Balancer V2 has instances registered in fewer than 2 AZs.
