AWS ALB listeners should be configured with HTTPS or TLS termination

firetail:aws-alb-non-ssl-listener

Type:

CSPM

Rule Severity:

Low

The Application Load Balancer (ALB) has one or more listeners whose front-end protocol is HTTP rather than HTTPS, so connections from clients to the load balancer are not terminated with TLS. (ALB listeners offer only two protocols, HTTP and HTTPS; HTTPS is the TLS-terminating option.)

Traffic between clients and the load balancer is transmitted in plaintext and can be read or modified by anyone on the network path. This exposes credentials, session tokens and other sensitive data to interception, and fails the transport-encryption requirements of most security and privacy standards.

Remediation

Add an HTTPS listener (normally on port 443) that uses a certificate issued or imported through AWS Certificate Manager and covers every hostname the listener serves. Attach a predefined security policy that permits only modern protocol versions, such as ELBSecurityPolicy-TLS13-1-2-2021-06, rather than an older policy that still accepts TLS 1.0 and 1.1. Then either delete the HTTP listener or change its default action to a redirect to HTTPS (HTTP 301) so that no request is served over plaintext; a kept HTTP listener should have the redirect as its only default action.

Example Attack Scenario

An attacker positioned on the network path between a client and an Application Load Balancer that serves traffic over an HTTP listener can read every request and response as it passes. Because nothing is encrypted, the attacker captures login credentials, session cookies and API tokens without needing to break anything, and can also modify responses in transit. Captured tokens are then replayed to gain unauthorised access, leading to data breaches or account takeover.
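The following is an added example, not FireTail's or AWS's code, showing how the condition described above can be checked against the output of the ELBv2 API. It classifies each listener as plaintext, redirect-only (an HTTP listener whose only default action bounces clients to HTTPS), weak-policy (HTTPS but with an old security policy), or ok. The listener dictionaries are constructed to mirror the shape of `boto3.client("elbv2").describe_listeners(LoadBalancerArn=...)["Listeners"]`, the ARNs are placeholders, and the set of acceptable security policies is an assumption for the example. Treating the redirect-only case as a separate, lower-priority class is my judgement, not something the rule text states.

```python
"""Classify ALB listeners from an elbv2 describe-listeners response.

Added example (not FireTail's or AWS's code). Feed it the "Listeners"
list returned by boto3.client("elbv2").describe_listeners(...) for a
real scan; the sample below is constructed with placeholder ARNs.
"""

# Predefined ALB security policies accepted by this example. This set is an
# assumption; align it with your own TLS baseline.
STRONG_SSL_POLICIES = {
    "ELBSecurityPolicy-TLS13-1-2-2021-06",
    "ELBSecurityPolicy-TLS13-1-2-Res-2021-06",
    "ELBSecurityPolicy-TLS13-1-3-2021-06",
}


def _is_https_redirect(listener):
    """True only if every default action redirects the client to HTTPS."""
    actions = listener.get("DefaultActions", [])
    if not actions:
        return False
    for action in actions:
        if action.get("Type") != "redirect":
            return False
        if action.get("RedirectConfig", {}).get("Protocol") != "HTTPS":
            return False
    return True


def classify_listener(listener):
    """Return 'plaintext', 'redirect_only', 'weak_policy' or 'ok'."""
    protocol = listener.get("Protocol", "").upper()
    if protocol != "HTTPS":
        # ALB listeners are HTTP or HTTPS; anything that is not HTTPS
        # accepts the front-end connection in cleartext.
        return "redirect_only" if _is_https_redirect(listener) else "plaintext"
    # HTTPS listener: also check that the attached policy is a modern one.
    if listener.get("SslPolicy") not in STRONG_SSL_POLICIES:
        return "weak_policy"
    return "ok"


def find_findings(listeners):
    """Return [(ListenerArn, Port, classification)] for every listener
    that is not 'ok'. Redirect-only listeners are reported too so a
    reviewer can confirm the redirect is the listener's only action."""
    findings = []
    for listener in listeners:
        verdict = classify_listener(listener)
        if verdict != "ok":
            findings.append((listener["ListenerArn"], listener["Port"], verdict))
    return findings


# Constructed sample: three listeners on one ALB (placeholder ARNs).
_TG = "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/demo/tg1"
_LB = "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/demo/abc"
SAMPLE_LISTENERS = [
    {   # HTTP listener forwarding straight to a target group: the finding
        "ListenerArn": _LB + "/http80", "Port": 80, "Protocol": "HTTP",
        "DefaultActions": [{"Type": "forward", "TargetGroupArn": _TG}],
    },
    {   # HTTPS listener, but the 2016 policy still allows TLS 1.0 and 1.1
        "ListenerArn": _LB + "/https443", "Port": 443, "Protocol": "HTTPS",
        "SslPolicy": "ELBSecurityPolicy-2016-08",
        "DefaultActions": [{"Type": "forward", "TargetGroupArn": _TG}],
    },
    {   # HTTP listener whose only job is to send clients to HTTPS
        "ListenerArn": _LB + "/http8080", "Port": 8080, "Protocol": "HTTP",
        "DefaultActions": [{
            "Type": "redirect",
            "RedirectConfig": {"Protocol": "HTTPS", "Port": "443",
                               "StatusCode": "HTTP_301"},
        }],
    },
]

if __name__ == "__main__":
    for arn, port, verdict in find_findings(SAMPLE_LISTENERS):
        print(f"{verdict:13} port {port:<5} {arn}")
```

Run against the sample, the script reports the port 80 listener as plaintext (the condition this rule flags), the port 443 listener as weak-policy, and the port 8080 listener as redirect-only; only an HTTPS listener carrying one of the listed policies is reported as clean.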
