AWS ElasticLoadBalancingV2
Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.
Alpn Policy |
Drop_invalid_header_fields-Enabled |
Design Guidance:
Certificates-Certificate Arn |
Certificates-Certificate Arn | ||
Listener Arn |
Authenticate Cognito Config-Authentication Request Extra Params | ||
Authenticate Oidc Config-Authentication Request Extra Params |
Authenticate Cognito Config-On Unauthenticated Request | ||
Authenticate Cognito Config-Session Cookie Name | ||
Authenticate Oidc Config-On Unauthenticated Request | ||
Authenticate Oidc Config-Session Cookie Name |
Authenticate Cognito Config-On Unauthenticated Request | ||
Authenticate Cognito Config-Session Cookie Name | ||
Authenticate Oidc Config-On Unauthenticated Request | ||
Authenticate Oidc Config-Session Cookie Name |
Authenticate Cognito Config-Session Timeout | ||
Authenticate Oidc Config-Session Timeout |
Authenticate Cognito Config-Session Timeout | ||
Authenticate Oidc Config-Session Timeout |
Design Guidance:
Authenticate Cognito Config-User Pool Arn | ||
Authenticate Cognito Config-User Pool Domain | ||
Authenticate Oidc Config-Authorization Endpoint | ||
Authenticate Oidc Config-Client Id | ||
Authenticate Oidc Config-Client Secret | ||
Authenticate Oidc Config-Issuer | ||
Authenticate Oidc Config-Token Endpoint | ||
Authenticate Oidc Config-User Info Endpoint | ||
Default Actions-Type |
Authenticate Cognito Config-User Pool Arn | ||
Authenticate Cognito Config-User Pool Client Id | ||
Authenticate Cognito Config-User Pool Domain | ||
Authenticate Oidc Config-Authorization Endpoint | ||
Authenticate Oidc Config-Client Secret | ||
Authenticate Oidc Config-Issuer | ||
Authenticate Oidc Config-Token Endpoint | ||
Authenticate Oidc Config-User Info Endpoint | ||
Actions-Type |
Authenticate Cognito Config-User Pool Client Id |
Authenticate Oidc Config-Client Id |
Fixed Response Config-Content Type | ||
Fixed Response Config-Message Body | ||
Fixed Response Config-Status Code |
Fixed Response Config-Content Type | ||
Fixed Response Config-Message Body | ||
Fixed Response Config-Status Code |
Design Guidance:
Default Actions-Target Group Arn | ||
Load Balancer Arn | ||
Port |
Actions-Target Group Arn | ||
Listener Arn |
Port | ||
Algorithm-Type | ||
Target Type | ||
Targets-Port |
Type |
Design Guidance:
Protocol | ||
SSL Policy |
Redirect Config-Protocol |
Health Check Protocol | ||
Protocol |
Redirect Config-Port |
Design Guidance:
Health Check Enabled | ||
Health Check Interval Seconds | ||
Health Check Path | ||
Health Check Port | ||
Health Check Timeout Seconds | ||
Healthy Threshold Count | ||
Matcher-HTTP Code | ||
Targets-Id | ||
Unhealthy Threshold Count |
Deletion_protection-Enabled |
Design Guidance:
Name | ||
Tags |
Name | ||
Tags |
Design Guidance:
Deregistration_delay-Timeout_seconds |
Design Guidance:
Stickiness-Enabled | ||
Stickiness-Type |
Proxy_protocol_v2-Enabled |
Design Guidance:
VPC Id |
Subnet Mappings | ||
Subnet Mappings-Allocation Id | ||
Subnet Mappings-Private Ipv4address | ||
Subnet Mappings-Subnet Id |
Design Guidance:
Key-Access_logs | ||
S3-Enabled | ||
S3-Bucket | ||
S3-Prefix |
Design Guidance:
Scheme | ||
Subnets |
Design Guidance:
Security Groups |
Last modified 1yr ago