Skip to content

alb-not-public

Explanation

There are many scenarios in which you would want to expose a load balancer to the wider internet, but this check exists as a warning to prevent accidental exposure of internal assets. You should ensure that this resource should be exposed publicly.

Possible Impact

The load balancer is exposed on the internet

Suggested Resolution

Switch to an internal load balancer or add a tfsec ignore

Insecure Example

The following example will fail the aws-elbv2-alb-not-public check.

resource "aws_alb" "bad_example" {
    internal = false
}

Secure Example

The following example will pass the aws-elbv2-alb-not-public check.

resource "aws_alb" "good_example" {
    internal = true
}