Network misconfigurations

ELB missing inbound rules in their security groups

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

An Elastic Load Balancer has a security group with no inbound rules. Such a security group will prevent the load balancer from receiving any incoming traffic, regardless of the source and destination.
  • Recommended Mitigation

    Define inbound rules for the security groups associated with your load balancers while adhering to the principle of least privilege.