Terraform AWS ELB
Classic Load Balancers with listeners, health checks, SSL certificates, cross zone balancing, connection draining, access logging, and security group controlled ingress.
Controls Enforced
The following compliance controls are enforced by this module at terraform plan time.
- Classic Load Balancers should have connection draining enabled low effort
- ELB classic load balancers should have cross-zone load balancing enabled low effort
- ELB classic load balancers should be configured with defensive or strictest desync mitigation mode low effort
- ELB classic load balancers should span multiple availability zones low effort
Quick Start
module "elb" {
source = "acscessentialeight.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "acscism2023.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "awscontroltower.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "awsgenai.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "awswellarchitected.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "cccsmedium.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "cfrpart11.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "cisv140.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "cisv500.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "cis.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "cisv80ig1.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "cisacyberessentials.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "eugmpannex11.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "fedramplow.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "fedrampmoderate.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "ffiec.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "gdpr.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "hipaa.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "iso27001.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "nis2.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "nist800171.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "nist80053.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "nistcsf.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "nydfs23.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "pcidss.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "rbicybersecurity.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "rbiitfnbfc.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
module "elb" {
source = "soc2.compliance.tf/terraform-aws-modules/elb/aws"
version = "<version>"
# ... your arguments here
}
See the Get Started guide to get started and read the Features section for more details on how to customize the module for your requirements.
Migration from Upstream
Already using terraform-aws-modules? Change only the source URL:
module "elb" {
source = "terraform-aws-modules/elb/aws"
version = "1.0"
}
module "elb" {
source = "soc2.compliance.tf/terraform-aws-modules/elb/aws"
version = "1.0"
}
Same arguments. Same outputs. Compliance controls are enforced automatically at terraform plan. If a required value is missing, you get a clear validation error telling you what to set.
See the Migration Guide for step-by-step instructions.
Reversibility
No lock-in. Switch back by reverting the source URL to the upstream path:
module "elb" {
source = "terraform-aws-modules/elb/aws"
}
Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.
Mapped compliance frameworks
ACSC-EE-ML2-7.7: Multi-factor authentication ML2
REL13-BP05: Automate recovery
11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records
16 Business Continuity
Denial Of Service Protection (SC-5)
164.308(a)(7)(ii)(C) Emergency mode operation plan
A.8.14 Redundancy of information processing facilities
ID.BE-5
PR.DS-4
- ELB classic load balancers should have cross-zone load balancing enabled
- ELB classic load balancers should span multiple availability zones
PR.PT-5
5.3.4: Anti-malware mechanisms and processes are active, maintained, and monitored.
10.2.1: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.1.1: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.1.2: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.1.3: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.1.4: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.1.5: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.1.6: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.1.7: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.2.2: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.3.1: Audit logs are protected from destruction and unauthorized modifications.
10.6.3: Time-synchronization mechanisms support consistent time settings across all systems.
A1.2.1: Multi-tenant service providers facilitate logging and incident response for all customers.
A1.2.3: Processes or mechanisms are implemented for reporting and addressing suspected or confirmed security incidents and vulnerabilities
Framework Coverage
Which controls from this module are active under each framework endpoint. ● enforced by default · ○ not activated by this endpoint
| Control | NIST Cybersecurity Framework v2.0 | RBI IT Framework for NBFCs | ACSC Essential Eight | AWS Well-Architected Framework v10 | Title 21 CFR Part 11 | CISA Cyber Essentials | EU GMP Annex 11 | FedRAMP Low Baseline Rev 4 |
|---|---|---|---|---|---|---|---|---|
| Classic Load Balancers should have connection draining enabled | ○ | ○ | ○ | ○ | ○ | ○ | ○ | ○ |
| ELB classic load balancers should have cross-zone load balancing enabled | ● | ● | ○ | ○ | ● | ● | ● | ● |
| ELB classic load balancers should be configured with defensive or strictest desync mitigation mode | ○ | ○ | ● | ○ | ○ | ○ | ○ | ○ |
| ELB classic load balancers should span multiple availability zones | ● | ● | ○ | ● | ○ | ○ | ○ | ○ |
Showing top 8 frameworks by coverage. All framework endpoints →