
lacework-global-223

ELB Security Group should have Outbound Rules attached to it

Description

It is recommended that you create outbound rules in security groups used by the Elastic Load Balancer (ELB) to restrict the outbound traffic from the load balancer to only the necessary ports and IP addresses. If no outbound rules exist in the security group associated with the ELB, no outbound traffic from the ELB is allowed.

Remediation

  1. Sign in to the AWS Management Console.

  2. Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

  3. Select LOAD BALANCING > Load Balancers.

  4. Select the Load Balancer that was flagged as having a violating security group attached.

  5. Select the Description tab.

  6. Under Security, select the link to the security group that does not have any outbound rules and therefore was flagged as a violation.

  7. Click the Outbound rules tab.

  8. Click Edit outbound rules. Create outbound rules to restrict the outgoing traffic from the ELB to specific ports and IP address ranges.

  9. Click Save rules.
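
To find the affected groups across many load balancers before or after working through the console steps, the check can be scripted. The following is an added example, not Lacework's own policy logic: it assumes input in the shape returned by the AWS DescribeLoadBalancers and DescribeSecurityGroups APIs, uses constructed sample IDs, and goes one step beyond the policy by also reporting groups whose only restriction is an allow-all egress rule.

```python
"""Added example: audit ELB security groups for missing or unrestricted egress."""

# Constructed sample data in the shape returned by the AWS APIs
# DescribeLoadBalancers and DescribeSecurityGroups (all IDs are made up).
LOAD_BALANCERS = [
    {"LoadBalancerName": "web-elb", "SecurityGroups": ["sg-0aaa", "sg-0bbb"]},
    {"LoadBalancerName": "api-elb", "SecurityGroups": ["sg-0ccc"]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissionsEgress": []},
    {"GroupId": "sg-0bbb", "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
]


def classify_egress(group):
    """Return 'none', 'open', or 'restricted' for one security group."""
    rules = group.get("IpPermissionsEgress", [])
    if not rules:
        return "none"  # the condition this policy flags
    for rule in rules:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        any_dest = "0.0.0.0/0" in cidrs or "::/0" in cidrs
        if rule.get("IpProtocol") == "-1" and any_dest:
            return "open"  # all protocols to any address: not restricted
    return "restricted"


def audit(load_balancers, security_groups):
    """Map each ELB name to [(group_id, status)] for non-restricted groups."""
    by_id = {g["GroupId"]: g for g in security_groups}
    findings = {}
    for lb in load_balancers:
        bad = [(gid, classify_egress(by_id[gid]))
               for gid in lb.get("SecurityGroups", []) if gid in by_id]
        bad = [(gid, status) for gid, status in bad if status != "restricted"]
        if bad:
            findings[lb["LoadBalancerName"]] = bad
    return findings


if __name__ == "__main__":
    for name, bad in audit(LOAD_BALANCERS, SECURITY_GROUPS).items():
        print(name, bad)
```

A status of `none` corresponds to the violation described above; `open` marks a group that has outbound rules but does not limit ports or destinations.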