Prisma Cloud: How to stop Elastic Load Balancers from violating 'AWS Elastic Load Balancer with listener TLS/SSL is not configured' policy

Created On 12/22/21 01:40 AM - Last Modified 01/27/23 21:55 PM


Objective


This article describes how to configure Elastic Load Balancers in the AWS console so that they comply with the 'AWS Elastic Load Balancer with listener TLS/SSL is not configured' policy, which is generating alerts in Prisma Cloud.



Environment


  • Prisma Cloud
  • AWS 
  • Elastic Load Balancers


Procedure


1. Log in to the AWS console.
2. Search for EC2.
3. Select Load Balancers.
4. Select the desired load balancer and click the Listeners tab.
5. Select TLS, change the port number to what you need, and select an ACM certificate to use.


 


Additional Information


Prisma Cloud generates alerts for the 'AWS Elastic Load Balancer with listener TLS/SSL is not configured' policy because, when a user edits any of the non-SSL protocols/ports in the AWS console, the field for configuring the certificate ID shows N/A, which puts the ELB in violation of this policy.
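To find which listeners still need the change from the procedure above, the following added example (not Palo Alto Networks or Prisma Cloud code) audits the parsed JSON output of `aws elb describe-load-balancers` or `aws elbv2 describe-listeners` for listeners that use a non-TLS protocol or lack a certificate. It goes beyond the console steps by covering both API output shapes; the check mirrors the explanation above and is an assumption, not Prisma Cloud's policy logic, and all sample names and ARNs are constructed.

```python
# Protocols that terminate TLS at the load balancer: HTTPS/SSL on Classic
# ELBs, HTTPS/TLS on Application and Network Load Balancers.
TLS_PROTOCOLS = {"HTTPS", "SSL", "TLS"}

def check(name, port, protocol, cert_id):
    """Return a finding tuple, or None if the listener uses TLS with a cert."""
    if protocol.upper() not in TLS_PROTOCOLS:
        return (name, port, protocol, "non-TLS protocol")
    if not cert_id:
        return (name, port, protocol, "TLS protocol without certificate")
    return None

def audit_listeners(doc):
    """Audit parsed JSON from `aws elb describe-load-balancers` (Classic) or
    `aws elbv2 describe-listeners` (ALB/NLB); return the listeners to fix."""
    results = []
    for lb in doc.get("LoadBalancerDescriptions", []):   # Classic ELB shape
        for desc in lb.get("ListenerDescriptions", []):
            lst = desc["Listener"]
            results.append(check(lb["LoadBalancerName"], lst["LoadBalancerPort"],
                                 lst["Protocol"], lst.get("SSLCertificateId")))
    for lst in doc.get("Listeners", []):                  # ALB/NLB shape
        certs = [c.get("CertificateArn") for c in lst.get("Certificates", [])]
        results.append(check(lst["LoadBalancerArn"], lst["Port"],
                             lst["Protocol"], certs[0] if certs else None))
    return [r for r in results if r is not None]

# Constructed sample data: names, account ID and ARNs are placeholders.
CERT = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"
CLASSIC = {"LoadBalancerDescriptions": [{
    "LoadBalancerName": "web-classic",
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}},
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTP", "InstancePort": 80,
                      "SSLCertificateId": CERT}}]}]}
NLB = {"Listeners": [
    {"LoadBalancerArn": "nlb-example", "Port": 25, "Protocol": "TCP"},
    {"LoadBalancerArn": "nlb-example", "Port": 443, "Protocol": "TLS",
     "Certificates": [{"CertificateArn": CERT}]}]}

if __name__ == "__main__":
    for finding in audit_listeners(CLASSIC) + audit_listeners(NLB):
        print(finding)
```

To run it against a real account, save the CLI output to a file and pass the result of `json.load` to `audit_listeners`.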

