
lacework-global-720

Load balancer has no inbound rules or listeners (Automated)

Description

Alert when a load balancer has no listeners or rule sets configured. Ensure that your OCI load balancers use inbound rules or listeners to only allow access from known resources.

Remediation

OCI load balancers enable end-to-end Transport Layer Security (TLS) connections between a client's applications and your Virtual Cloud Network (VCN). A listener is a logical entity that checks for incoming traffic on the load balancer's IP address.

From Console:

  1. Log in to the OCI Console.

  2. From the navigation menu, click Networking.

  3. Click Load Balancer.

  4. Select the name of a Load Balancer without a listener or rule set.

  5. To set up a listener, click Listeners, then click the Create listener button, and specify the required information.

  6. To set up a rule set, click Rule sets, then click the Create rule set button, and specify the required information.

Note: Rule sets apply only to HTTP listeners.

From CLI:

  1. Execute the following command:

    oci lb load-balancer list --compartment-id <compartment_id>

  2. For each Load Balancer listed, ensure that it has either a listener or a rule set configured. If not, then:

  • Create a listener:

    oci lb listener create --default-backend-set-name <name-of-associated-backend-set> --load-balancer-id <ocid-of-load-balancer> --name <name-for-listener> --port <port-for-communications> --protocol <protocol-for-listener>

    For example:

    oci lb listener create --default-backend-set-name backend-set --load-balancer-id ocid1.loadbalancer.oc1.us-sanjose-1.xxxxxxxxxxxxxxxxxxxxxx --name new-compliant-listener --port 22 --protocol TCP

    OR

  • Create a rule set:

    oci lb rule-set create --load-balancer-id <ocid-of-load-balancer> --name <name-for-rule-set> --items '[<json-array-of-rules>]'
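To automate the "for each Load Balancer listed" check in the CLI procedure, here is an added example (not Lacework's or Oracle's code) that parses the JSON printed by `oci lb load-balancer list`, reports every load balancer with neither a listener nor a rule set, and builds the matching `oci lb listener create` command from the Remediation section. The key names and the embedded sample output are assumptions modelled on the OCI CLI's JSON format, and the OCIDs are placeholders.

```python
import json

# Constructed sample in the shape of `oci lb load-balancer list` JSON output
# (assumed key names: "data", "id", "display-name", "listeners", "rule-sets";
# the OCIDs below are placeholders, not real resources).
SAMPLE_OUTPUT = json.dumps({
    "data": [
        {"id": "ocid1.loadbalancer.oc1..placeholder-web", "display-name": "web-lb",
         "listeners": {"https-443": {"default-backend-set-name": "web-backends",
                                     "port": 443, "protocol": "HTTP"}},
         "rule-sets": {}},
        {"id": "ocid1.loadbalancer.oc1..placeholder-orphan", "display-name": "orphan-lb",
         "listeners": {}, "rule-sets": None},          # null: nothing configured
        {"id": "ocid1.loadbalancer.oc1..placeholder-rules", "display-name": "rules-only-lb",
         "listeners": {}, "rule-sets": {"allow-known": {"items": []}}},
    ]
})


def find_unconfigured_load_balancers(cli_json: str) -> list:
    """Return the load balancers with neither a listener nor a rule set.

    This is the condition lacework-global-720 alerts on. Both fields are maps
    keyed by name; an absent, null or empty map counts as nothing configured.
    """
    findings = []
    for lb in json.loads(cli_json).get("data", []):
        listeners = lb.get("listeners") or {}
        rule_sets = lb.get("rule-sets") or {}
        if not listeners and not rule_sets:
            findings.append({"id": lb["id"], "display-name": lb.get("display-name")})
    return findings


def remediation_command(lb_id: str, backend_set: str, name: str, port: int, protocol: str) -> list:
    """Build the `oci lb listener create` invocation from the Remediation
    section as an argv list (suitable for subprocess.run; not executed here)."""
    return ["oci", "lb", "listener", "create",
            "--default-backend-set-name", backend_set,
            "--load-balancer-id", lb_id,
            "--name", name,
            "--port", str(port),
            "--protocol", protocol]


if __name__ == "__main__":
    for finding in find_unconfigured_load_balancers(SAMPLE_OUTPUT):
        print(f"{finding['display-name']} ({finding['id']}) has no listener or rule set")
        print(" ".join(remediation_command(finding["id"], "backend-set",
                                           "new-compliant-listener", 22, "TCP")))
```

Feed it real output with `oci lb load-balancer list --compartment-id <compartment_id> --all` piped to stdin or read from a file; the rule-set-only load balancer is deliberately not flagged because the policy accepts either a listener or a rule set.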

References

https://docs.oracle.com/en-us/iaas/cloud-guard/using/detect-recipes.htm#detect-recipes-ref-config__LB_NO_INBOUND_RULES_OR_LISTENERS