More Info:

Ensure that HTTPS is enabled for the load balancer associated with your Amazon Elastic Beanstalk application environment in order to handle encrypted web traffic. By default, the load balancer handles unencrypted traffic requests (HTTP) through port 80. To enable HTTPS traffic over port 443, you must create and configure an HTTPS listener for the associated load balancer.

Risk Level

High

Address

Security

Compliance Standards

SOC2, GDPR, PCIDSS, NIST, HITRUST, NISTCSF

Remediation

How to ensure that HTTPS is enabled for the EC2 Elastic Beanstalk Load Balancer

Using AWS Console

  1. Log in to the AWS Management Console using your AWS account credentials.
  2. Navigate to the Elastic Beanstalk service by selecting “Elastic Beanstalk” from the services menu.
  3. In the Elastic Beanstalk dashboard, select the appropriate environment that you want to configure for HTTPS.
  4. In the environment details page, click on the “Configuration” tab in the left navigation pane.
  5. Scroll down to the “Load Balancer” section and click on the “Edit” button next to “Load balancer settings”.
  6. In the “Secure listener port” field, ensure that the value is set to 443. This is the default port for HTTPS.
  7. In the “SSL certificate ID” field, select or upload the appropriate SSL certificate for your domain. If you haven’t already uploaded the SSL certificate to AWS Certificate Manager (ACM), you can do so by clicking on the “Upload” button and following the instructions.
  8. Optionally, you can choose to enable “HTTP to HTTPS redirection” by checking the box next to it. This will automatically redirect HTTP traffic to HTTPS.
  9. Click on the “Apply” button to save the changes and update the environment configuration.
  10. Wait for the environment update to complete. This may take a few minutes.
  11. Once the update is complete, your Elastic Beanstalk environment’s load balancer should be configured to use HTTPS.
  12. Test the HTTPS connectivity by accessing your application using the HTTPS protocol (e.g., https://your-domain.com). Ensure that the SSL certificate is valid and the connection is secure.
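
To check the result of the steps above without the console, the following added example (not part of the original page or of any AWS tooling) audits an environment's option settings for an enabled HTTPS listener that has a certificate attached. It assumes the listener is defined through the Elastic Beanstalk option namespaces aws:elb:listener:<port> or aws:elbv2:listener:<port>; the helper names, sample settings and certificate ARN are constructed for illustration.

```python
import re

# Listener options live in aws:elb:listener:<port> (Classic Load Balancer) and
# aws:elbv2:listener:<port> (Application Load Balancer). The default port-80
# listener namespaces carry no numeric port and are skipped by this pattern.
LISTENER_NS = re.compile(r"^aws:(elb|elbv2):listener:(\d+)$")


def https_listener_ports(option_settings):
    """Return sorted ports with an enabled HTTPS listener that has a certificate."""
    listeners = {}
    for opt in option_settings:
        m = LISTENER_NS.match(opt.get("Namespace", ""))
        if m:
            key = (m.group(1), int(m.group(2)))
            listeners.setdefault(key, {})[opt["OptionName"]] = opt.get("Value") or ""
    ports = []
    for (kind, port), o in listeners.items():
        proto = o.get("ListenerProtocol" if kind == "elb" else "Protocol", "")
        cert = o.get("SSLCertificateId" if kind == "elb" else "SSLCertificateArn", "")
        enabled = o.get("ListenerEnabled", "true").lower() != "false"
        if proto.upper() == "HTTPS" and cert and enabled:
            ports.append(port)
    return sorted(ports)


def audit_environment(application, environment):
    """Audit a live environment; needs boto3 and AWS credentials."""
    import boto3  # lazy import so the offline samples below run without it
    resp = boto3.client("elasticbeanstalk").describe_configuration_settings(
        ApplicationName=application, EnvironmentName=environment)
    return https_listener_ports(resp["ConfigurationSettings"][0]["OptionSettings"])


def _opt(ns, name, value):
    return {"Namespace": ns, "OptionName": name, "Value": value}


# Constructed sample settings, not taken from a real environment.
CERT = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"  # placeholder ARN
HTTP_ONLY = [_opt("aws:elbv2:listener:default", "ListenerEnabled", "true")]
HTTPS_OK = HTTP_ONLY + [_opt("aws:elbv2:listener:443", "Protocol", "HTTPS"),
                        _opt("aws:elbv2:listener:443", "SSLCertificateArn", CERT)]
NO_CERT = [_opt("aws:elb:listener:443", "ListenerProtocol", "HTTPS")]

if __name__ == "__main__":
    for name, sample in [("HTTP_ONLY", HTTP_ONLY), ("HTTPS_OK", HTTPS_OK), ("NO_CERT", NO_CERT)]:
        ports = https_listener_ports(sample)
        print(name, "PASS" if ports else "FAIL: no HTTPS listener", ports)
```

An empty result means the environment fails this check; a listener set to HTTPS but lacking a certificate is also reported as failing.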

Additional Reading: