lacework-global-223

Elastic Load Balancer (ELB) Security Group should have Outbound Rules attached to it

Description

Best practices recommend that you create outbound rules in security groups used by the Elastic Load Balancer (ELB) to restrict the outbound traffic from the load balancer to only the necessary ports and IP addresses. The ELB does not allow outbound traffic if no outbound rules exist in the security group associated with the ELB.

Remediation

  1. Sign in to the AWS Management Console.
  2. Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.
  3. Select Load Balancing > Load Balancers.
  4. Select the Load Balancer that has a violating security group attached.
  5. Select the Description tab.
  6. Under Security, select the link to the security group that does not have any outbound rules and therefore is a violation.
  7. Click the Outbound rules tab.
  8. Click Edit outbound rules. Create outbound rules to restrict the outgoing traffic from the ELB to specific ports and IP address ranges.
  9. Click Save rules.
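
To find the violating groups before walking through the console, the following added example (not Lacework's policy logic and not part of the original page) audits data shaped like the output of `aws elbv2 describe-load-balancers` (or `aws elb describe-load-balancers`) and `aws ec2 describe-security-groups`. The sample data, group IDs and function names are constructed for illustration, and the `allow-all-outbound` finding goes beyond this policy's check to cover the description's advice to restrict egress.

```python
# Added example: offline check over constructed data shaped like AWS API output.

# Constructed sample: `aws elbv2 describe-load-balancers` (Classic ELB output
# uses the key "LoadBalancerDescriptions" instead; both are handled below).
SAMPLE_LBS = {
    "LoadBalancers": [
        {"LoadBalancerName": "web-alb", "SecurityGroups": ["sg-0aaa", "sg-0bbb"]},
        {"LoadBalancerName": "api-alb", "SecurityGroups": ["sg-0ccc"]},
    ]
}

# Constructed sample: `aws ec2 describe-security-groups`.
SAMPLE_SGS = {
    "SecurityGroups": [
        {"GroupId": "sg-0aaa", "IpPermissionsEgress": []},
        {"GroupId": "sg-0bbb", "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
        {"GroupId": "sg-0ccc", "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-0ddd", "IpPermissionsEgress": []},  # not on any ELB
    ]
}


def is_allow_all(rule):
    """True for an egress rule covering every protocol to any IPv4/IPv6 address."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return rule.get("IpProtocol") == "-1" and any(c in ("0.0.0.0/0", "::/0") for c in cidrs)


def audit_elb_egress(lbs, sgs):
    """Return sorted (load_balancer, group_id, finding) tuples."""
    egress = {g["GroupId"]: g.get("IpPermissionsEgress", []) for g in sgs["SecurityGroups"]}
    findings = []
    for lb in lbs.get("LoadBalancers", []) + lbs.get("LoadBalancerDescriptions", []):
        for gid in lb.get("SecurityGroups", []):
            if gid not in egress:
                findings.append((lb["LoadBalancerName"], gid, "unknown-group"))
            elif not egress[gid]:
                findings.append((lb["LoadBalancerName"], gid, "no-outbound-rules"))
            elif any(is_allow_all(r) for r in egress[gid]):
                findings.append((lb["LoadBalancerName"], gid, "allow-all-outbound"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_elb_egress(SAMPLE_LBS, SAMPLE_SGS):
        print(*finding)
```

Groups reported as `no-outbound-rules` are the ones this policy flags; security groups that are not attached to any load balancer are ignored.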