feat(elb): add new check elb_ssl_https_listeners_use_acm_certificates
#5424
+438
−5
Context
Added a new check to make sure Classic Load Balancers with SSL/HTTPS listeners use certificates provided by AWS Certificate Manager (ACM) to enhance security. This control checks whether the load balancer's HTTPS/SSL listener is configured with an ACM-provided certificate, and fails if it is not.
AWS recommends using ACM to create or import SSL/TLS certificates for load balancers due to its integration with Classic Load Balancers and its ability to automate certificate renewal, simplifying management and improving security. Using ACM certificates ensures the encryption of data-in-transit, aligning with industry best practices and compliance standards.
Description
Added certificate_arn to Listener model in elb_service. Added new check elb_ssl_https_listeners_use_acm_certificates with respective unit tests and metadata.
Checklist
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
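The pass/fail rule described under Context, sketched as an added example; it is not code from this pull request or from the project. It assumes input shaped like the Classic ELB DescribeLoadBalancers response (`ListenerDescriptions`, `Listener`, `Protocol`, `SSLCertificateId`), treats a load balancer with no HTTPS/SSL listener as passing, and uses constructed names, account IDs and ARNs.

```python
# Added example, not the project's implementation. All sample values are constructed.
ENCRYPTED_PROTOCOLS = {"HTTPS", "SSL"}

def certificate_service(arn):
    """Return the service field of an ARN (e.g. 'acm', 'iam'), or None if malformed."""
    parts = (arn or "").split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return None
    return parts[2]

def evaluate_load_balancer(lb):
    """Return (status, ports) where ports lists HTTPS/SSL listeners without an ACM cert."""
    offending = []
    for desc in lb.get("ListenerDescriptions", []):
        listener = desc.get("Listener", {})
        if listener.get("Protocol", "").upper() not in ENCRYPTED_PROTOCOLS:
            continue  # plain HTTP/TCP listeners carry no certificate to evaluate
        # A missing certificate or one stored outside ACM (for example an IAM
        # server certificate) gets no ACM-managed renewal, so it fails.
        if certificate_service(listener.get("SSLCertificateId")) != "acm":
            offending.append(listener.get("LoadBalancerPort"))
    # Assumption: no HTTPS/SSL listener at all means nothing to fail on.
    return ("FAIL", offending) if offending else ("PASS", [])

def _lb(name, *listeners):
    """Build a constructed load balancer description from (protocol, port, cert) tuples."""
    return {"LoadBalancerName": name, "ListenerDescriptions": [
        {"Listener": {"Protocol": proto, "LoadBalancerPort": port,
                      **({"SSLCertificateId": cert} if cert else {})}}
        for proto, port, cert in listeners]}

# Constructed sample data (placeholder account ID and certificate IDs).
ACM_CERT = "arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000"
IAM_CERT = "arn:aws:iam::123456789012:server-certificate/legacy-cert"
SAMPLE = [
    _lb("web-acm", ("HTTPS", 443, ACM_CERT), ("HTTP", 80, None)),
    _lb("web-iam", ("HTTPS", 443, IAM_CERT), ("SSL", 8443, ACM_CERT)),
    _lb("web-http-only", ("HTTP", 80, None)),
]

def run_sample():
    """Evaluate every constructed load balancer and return name -> (status, ports)."""
    return {lb["LoadBalancerName"]: evaluate_load_balancer(lb) for lb in SAMPLE}

if __name__ == "__main__":
    for name, (status, ports) in run_sample().items():
        print(f"{status} {name} non-ACM listener ports: {ports}")
```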