1. Navigate to the AWS Management Console and go to the EC2 dashboard.
2. In the navigation pane, under the ‘Load Balancing’ section, click on ‘Load Balancers’.
3. Select the Classic Load Balancer that needs to be remediated.
4. Under the ‘Listeners’ tab, identify the listener that does not have an ACM certificate attached.
5. Click on the ‘Edit’ button next to the listener that needs to be remediated.
6. In the ‘Edit Listener’ configuration, select the protocol (HTTP or HTTPS) for the listener.
7. For HTTPS protocol, select ‘HTTPS’ from the drop-down menu and choose the appropriate port.
8. In the ‘SSL certificate’ drop-down menu, select ‘Choose a certificate from ACM (recommended)’.
9. Select the ACM certificate that you want to attach to this listener from the list of available certificates.
10. Click on the ‘Save’ button to apply the changes.
11. Verify that the ACM certificate is now attached to the listener by checking the ‘Listeners’ tab for the Classic Load Balancer.

​

1. List all your classic ELBs to identify the affected ones:

aws elb describe-load-balancers --query 'LoadBalancerDescriptions[?Scheme==`internet-facing`].[LoadBalancerName]' --output text

2. For each affected classic ELB, update the listener to attach an ACM certificate:

aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name YOUR_LOAD_BALANCER_NAME --load-balancer-port LISTENER_PORT --ssl-certificate-id YOUR_ACM_CERTIFICATE_ARN

• YOUR_LOAD_BALANCER_NAME with the name of your ELB.
• LISTENER_PORT with the port number of the listener you want to update.
• YOUR_ACM_CERTIFICATE_ARN with the ARN of the ACM certificate you want to attach.

3. Verify that the ACM certificate has been successfully attached to the listener:

aws elb describe-load-balancers --load-balancer-name YOUR_LOAD_BALANCER_NAME --query 'LoadBalancerDescriptions[].ListenerDescriptions[?Listener.LoadBalancerPort==`LISTENER_PORT`].Listener.SSLCertificateId' --output text

1. Install the necessary Python libraries: Make sure you have the AWS SDK for Python (Boto3) installed. You can install it using pip:
   Copy

   Ask AI

   pip install boto3
   

2. Write a Python script to check and update the ACM certificate for the Classic ELB listeners: Here is a sample Python script that you can use to check and update the ACM certificate for Classic ELB listeners:
   Copy

   Ask AI

   import boto3
   
   # Initialize the ELB and ACM clients
   elb_client = boto3.client('elb')
   acm_client = boto3.client('acm')
   
   # Specify the Classic ELB name
   elb_name = 'YOUR_CLASSIC_ELB_NAME'
   
   # Get the list of listeners for the Classic ELB
   response = elb_client.describe_load_balancers(LoadBalancerNames=[elb_name])
   listeners = response['LoadBalancerDescriptions'][0]['ListenerDescriptions']
   
   # Check if any listener is missing an ACM certificate
   for listener in listeners:
       if listener['Listener'].get('SSLCertificateId') is None:
           # Get a valid ACM certificate ARN
           response = acm_client.list_certificates()
           acm_certificate_arn = response['CertificateSummaryList'][0]['CertificateArn']
   
           # Update the listener with the ACM certificate
           elb_client.set_load_balancer_listener_ssl_certificate(
               LoadBalancerName=elb_name,
               LoadBalancerPort=listener['Listener']['LoadBalancerPort'],
               SSLCertificateId=acm_certificate_arn
           )
           print(f"Updated ACM certificate for listener on port {listener['Listener']['LoadBalancerPort']}")
   
   

3. Modify the script with your Classic ELB name: Replace 'YOUR_CLASSIC_ELB_NAME' with the name of your Classic ELB.
4. Run the Python script: Save the script to a file (e.g., remediate_acm_cert.py) and run it using Python:
   Copy

   Ask AI

   python remediate_acm_cert.py
   

5. Verify the ACM certificate update: Once the script has run successfully, verify that each listener on the Classic ELB now has an ACM certificate attached.