Cryptographic Security Platform 1.4 - Compliance Manager 10.5.3 installation and administration [PDF][Releases]

Elastic Load Balancing (ELB) is a service provided by Amazon Web Services that automatically distributes incoming application traffic across multiple targets such as Amazon EC2 instances, containers, and IP addresses. ELB uses SSL/TLS certificates to securely terminate connections between clients and load balancers.

ELB provides three types of load balancers:

Application Load Balancer (ALB): Layer 7 (Application layer) load balancing for web applications, HTTP/HTTPS traffic
Network Load Balancer (NLB): Layer 4 (Transport layer) load balancing for extreme performance, TLS/TCP traffic
Classic Load Balancer (CLB): Legacy load balancer (deprecated), supports both Layer 4 and Layer 7

The AWS Elastic Load Balancer Plugin is a discovery tool that connects to your AWS account to scan and extract certificate information from all load balancer types. It retrieves certificates deployed on load balancers along with their configuration context (listeners, target groups, SSL policies), validates certificate formats according to RFC 7468 standards, and exports certificate data in a standardized format for certificate inventory and compliance management purposes.

Features

Multi-LB-Type Discovery: Scans and discovers certificates from ALB, NLB, and CLB load balancers
Comprehensive Context: Provides load balancer configuration context for each certificate (listeners, target groups, SSL policies, availability zones)
SSL Policy Details: Extracts supported protocols and ciphers from SSL policies
RFC 7468 Compliance: Ensures extracted certificate data conforms to RFC 7468 PEM encoding standards
Flexible Authentication: Supports both permanent IAM credentials and temporary session tokens
Multi-Region Support: Can scan load balancers across any AWS region
Standardized Output: Generates certificate scan results in consistent JSON format with URN generation
Comprehensive Validation: Includes configuration validation and schema generation
Security-First Design: Handles sensitive credentials securely with masked input fields