This control checks whether the Classic Load Balancer uses HTTPS/SSL certificates provided by AWS Certificate Manager (ACM). The control fails if the Classic Load Balancer does not use a certificate provided by ACM.
Risk
Classic Load Balancers that do not use ACM certificates are more likely to end up serving self-signed or expired certificates, which can weaken secure communication and lead to compliance issues.
Run this check with Prowler CLI
prowler aws --checks elb_ssl_listeners_use_acm_certificate
ARN template
arn:aws:elasticloadbalancing:{region}:{account-id}:loadbalancer/{loadbalancer-name}
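A manual version of the same evaluation, added here as an example; it is not Prowler's source code. It assumes the certificate source can be read from the service field of the listener's `SSLCertificateId` ARN (`acm` versus `iam`), which does not distinguish ACM-issued from ACM-imported certificates, and it treats a load balancer with no HTTPS/SSL listener as passing. The sample input, account ID and names are constructed.

```python
import json

# Constructed sample in the shape returned by `aws elb describe-load-balancers`.
# Account ID, names and certificate IDs are placeholders.
SAMPLE = json.loads("""
{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "web-acm", "ListenerDescriptions": [
    {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
      "SSLCertificateId": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID"}}]},
  {"LoadBalancerName": "web-iam", "ListenerDescriptions": [
    {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80}},
    {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 8443,
      "SSLCertificateId": "arn:aws:iam::111122223333:server-certificate/example-cert"}}]},
  {"LoadBalancerName": "web-plain", "ListenerDescriptions": [
    {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 25}}]}
]}
""")

SECURE_PROTOCOLS = {"HTTPS", "SSL"}  # listener protocols that carry a certificate
ARN_TEMPLATE = "arn:aws:elasticloadbalancing:{region}:{account_id}:loadbalancer/{name}"


def is_acm_certificate(cert_id):
    """True when the ARN's service field is 'acm' (IAM server certs use 'iam')."""
    parts = (cert_id or "").split(":", 5)
    return (len(parts) == 6 and parts[0] == "arn" and parts[2] == "acm"
            and parts[5].startswith("certificate/"))


def evaluate(response, region, account_id):
    """Return one finding per load balancer with the ports that break the control."""
    findings = []
    for lb in response.get("LoadBalancerDescriptions", []):
        bad_ports = [
            d["Listener"]["LoadBalancerPort"]
            for d in lb.get("ListenerDescriptions", [])
            if d["Listener"]["Protocol"].upper() in SECURE_PROTOCOLS
            and not is_acm_certificate(d["Listener"].get("SSLCertificateId"))
        ]
        findings.append({
            "arn": ARN_TEMPLATE.format(region=region, account_id=account_id,
                                       name=lb["LoadBalancerName"]),
            "status": "FAIL" if bad_ports else "PASS",
            "non_acm_ports": bad_ports,
        })
    return findings


if __name__ == "__main__":
    for f in evaluate(SAMPLE, "us-east-1", "111122223333"):
        print(f["status"], f["arn"], f["non_acm_ports"])
```

The ports listed under `non_acm_ports` are the values to pass as `--load-balancer-port` in the remediation command.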
Remediation
aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name <load-balancer-name> --load-balancer-port <port> --ssl-certificate-id <certificate-id>
https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-2
Use AWS Certificate Manager (ACM) to manage SSL/TLS certificates for your Classic Load Balancer to ensure secure encryption of data in transit.
Resource Type
AwsElbLoadBalancer