Json Yaml Missing Deletion Protection Elb
Description
Detects AWS Elastic Load Balancer (ELBv2/Application Load Balancer) resources in CloudFormation templates that do not have deletion protection enabled. Without deletion protection, load balancers can be accidentally deleted, potentially causing service disruption.
Detection Strategy
• Identifies CloudFormation resources of type 'AWS::ElasticLoadBalancingV2::LoadBalancer'
• Checks if the LoadBalancer resource has deletion protection property configured
• Reports a vulnerability if deletion protection is either missing or set to false
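The three detection steps above, implemented as an added example that is not part of the Fluid Attacks page or its scanner. It works on JSON-format CloudFormation templates (the standard json module only, so it runs offline) and treats the attribute as enabled only when a literal "true" value is present; a missing attribute, a "false" value, or a value that cannot be evaluated statically (for example an intrinsic function such as Ref) is reported. The sample template embedded below is constructed for the example; the resource names in it are placeholders.

```python
import json

# Resource type and attribute key named in the detection strategy above.
LB_TYPE = "AWS::ElasticLoadBalancingV2::LoadBalancer"
ATTR_KEY = "deletion_protection.enabled"


def _is_literal_true(value):
    """CloudFormation attribute values are usually strings; accept booleans too."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def deletion_protection_enabled(properties):
    """Return True only if a literal deletion_protection.enabled=true attribute exists.

    A dict value such as {"Ref": "SomeParam"} cannot be resolved statically,
    so it is treated as not enabled and therefore reported for review.
    """
    attrs = properties.get("LoadBalancerAttributes") or []
    if not isinstance(attrs, list):
        return False
    for attr in attrs:
        if isinstance(attr, dict) and attr.get("Key") == ATTR_KEY:
            return _is_literal_true(attr.get("Value"))
    return False  # attribute absent


def find_unprotected_load_balancers(template):
    """Return the logical IDs of ELBv2 load balancers lacking deletion protection."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != LB_TYPE:
            continue  # step 1: only ELBv2 load balancers are in scope
        props = resource.get("Properties") or {}
        if not deletion_protection_enabled(props):  # steps 2 and 3
            findings.append(logical_id)
    return findings


def scan_template_json(text):
    """Parse a JSON CloudFormation template and return the findings."""
    return find_unprotected_load_balancers(json.loads(text))


# Constructed sample template (hypothetical resource names) covering the cases
# the rule must distinguish: attribute missing, explicitly false, non-literal,
# only unrelated attributes present, enabled, and a non-load-balancer resource.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "MissingAttrsLB": {
            "Type": LB_TYPE,
            "Properties": {"Name": "missing-attrs"},
        },
        "ExplicitFalseLB": {
            "Type": LB_TYPE,
            "Properties": {"LoadBalancerAttributes": [
                {"Key": ATTR_KEY, "Value": "false"}]},
        },
        "UnresolvedLB": {
            "Type": LB_TYPE,
            "Properties": {"LoadBalancerAttributes": [
                {"Key": ATTR_KEY, "Value": {"Ref": "ProtectionParam"}}]},
        },
        "OtherAttrOnlyLB": {
            "Type": LB_TYPE,
            "Properties": {"LoadBalancerAttributes": [
                {"Key": "idle_timeout.timeout_seconds", "Value": "60"}]},
        },
        "ProtectedLB": {
            "Type": LB_TYPE,
            "Properties": {"LoadBalancerAttributes": [
                {"Key": ATTR_KEY, "Value": "true"}]},
        },
        "NotALoadBalancer": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
})

if __name__ == "__main__":
    for logical_id in scan_template_json(SAMPLE_TEMPLATE):
        print(f"{logical_id}: deletion protection missing or disabled")
```

Running the module prints one line per flagged resource; for the sample template that is MissingAttrsLB, ExplicitFalseLB, UnresolvedLB and OtherAttrOnlyLB, while ProtectedLB and the S3 bucket are not reported. YAML templates with intrinsic tags (!Ref, !Sub) need a CloudFormation-aware YAML loader before they can be passed to find_unprotected_load_balancers; the checking logic itself is the same.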
Vulnerable code example
Resources:
  VulnerableLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: vulnerable-load-balancer
      IpAddressType: String
      LoadBalancerAttributes:
        - Key: deletion_protection.enabled...

✅ Secure code example
Resources:
  SecureLoadBalancer1:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: secure-load-balancer-1
      IpAddressType: ipv4 # Proper IP address type specification
      LoadBalancerAttributes:
        - Key: deletion_protection.enabled...