Network misconfigurations

ELB missing outbound rules in their security groups

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

An Elastic Load Balancer (ELB) has a security group with no outbound rules. A security group without any outbound rules rejects all outgoing traffic. This means that all outgoing traffic originating from your cloud assets (instances, containers, etc.) will be dropped when it reaches the ELB layer.
  • Recommended Mitigation

    Ensure that all security groups attached to load balancers have at least one outbound rule.