LOW

Ensure ALB sticky sessions use secure cookies

ALB sticky sessions should use duration-based cookies with secure settings.

Security Impact

Insecure session cookies can be hijacked or manipulated.

How to Remediate

Configure duration-based stickiness with appropriate duration. Ensure application cookies are marked secure.

Affected Resources

AWS::ElasticLoadBalancingV2::TargetGroup

Compliance Frameworks

SOC 2OWASP

How TigerGate Helps

TigerGate continuously monitors your AWS environment to detect and alert on this misconfiguration. Here's what our platform does for this specific check:

  • Continuous Scanning

    Automatically scans all Elastic Load Balancing (ELB) resources across your AWS accounts every hour

  • Instant Alerts

    Get notified via Slack, email, or webhooks when this misconfiguration is detected

  • One-Click Remediation

    Fix this issue directly from the TigerGate dashboard with our guided remediation

  • Compliance Evidence

    Automatically collect audit evidence for SOC 2, OWASP compliance

  • Drift Detection

    Get alerted if this configuration drifts back to an insecure state after remediation

Check Details

Check ID
aws-elb-16
Service
Elastic Load Balancing (ELB)
Category
Web Security
Severity
LOW

Automate This Check

TigerGate automatically scans your AWS environment for this and 575+ other security checks.

Start Free Trial

Related Elastic Load Balancing (ELB) Checks

View all checks
aws-elb-1medium

Ensure ELB access logging is enabled

aws-elb-2high

Ensure ALB has WAF enabled

aws-elb-3high

Ensure ELB uses secure TLS protocols

aws-elb-4high

Ensure ALB redirects HTTP to HTTPS

aws-elb-5medium

Ensure ELB has deletion protection enabled