Network misconfigurations

Classic Load Balancer (ELB) with public access

Risk Level

Hazardous (3)



Classic Load Balancer (ELB) provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. The load balancer {AwsEc2Elb} was discovered to be associated with a security group {AwsEc2Elb.SecurityGroups} that allows public ingress access without IP filtering ( Load balancer configured with public access opens the application hosted behind the load balancer to attacks from malicious entities on the Internet.